Hello,
I have been setting up ADVPN as part of a deployment using ecdsa-signatures-256. Root CA and Local Certificate are successfully loaded onto the box.
Using the documentation: https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-auto-discovery-vpns.html
I was trying to use the following to bring up the tunnel, referencing the OU inside the local certs.
Hub:
set security ike gateway PARTNER_GW local-identity distinguished-name
set security ike gateway PARTNER_GW remote-identity distinguished-name container OU=Sales
Spoke:
set security ike gateway PARTNER_GW local-identity distinguished-name
set security ike gateway PARTNER_GW remote-identity distinguished-name container OU=Sales
However, I had no luck. I then removed the remote-identity configuration on the spoke and added:
set security ike gateway PARTNER_GW general-ikeid
The tunnel then came up. What are the risks/drawbacks of using this? Will this affect the ADVPN setup as I add more spokes? Basically, I am just trying to understand what general-ikeid does in some level of detail.
Thanks.
#SRX #advpn