SRX

 View Only
last person joined: 16 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  Upgrade VPN from IKE V1 to IKE V2

    Posted 04-20-2023 01:32

    Hi All,
    We have a requirement VPN IKE upgradation like below...VPN running on IKEv1 now.
    "Client wants to upgrade VPN from IKE V1 to IKE V2",how to proceed and what we have to check on firewall. please help on this requirement.

                                 
    Topology:
      Our side-----Client side

    Thanks
    Rakesh



    ------------------------------
    Rakesh A
    ------------------------------


  • 2.  RE: Upgrade VPN from IKE V1 to IKE V2

    Posted 04-20-2023 20:37

    Both sides will need to change the proposals to the new and agreed upon settings before this will take effect.

    When the change is made the tunnel will bounce so traffic will be interrupted.

    The new IKE settings would be created as a proposal
    Then removing the old proposal in the gateway configuration with the new one having the agreed IKEv2 settings

    example
    https://supportportal.juniper.net/s/article/vSRX-SRX-Example-Site-to-site-IPSEC-IKEv2-VPN-configuration-between-vSRX-and-strongSwan-using-pre-shared-keys



    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP - Retired)
    http://puluka.com/home
    ------------------------------