The Juniper SRX Services Gateway VPN must use IKEv2 for IPsec VPN security associations.
An XCCDF Rule
Description
Using IKEv2 provides DoS protections through improved bandwidth management and supports more secure encryption algorithms.
- ID: SV-214683r997555_rule
- Version: JUSX-VN-000016
- Severity: Medium
Remediation Templates
A Manual Procedure
For site-to-site VPNs, configure the Juniper SRX to use IKEv2 only.
[edit]
set security ike gateway <VPN-GATEWAY> address <GW-IP-ADDRESS>
set security ike gateway <VPN-GATEWAY> version v2-only
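To verify the remediation across every gateway, the check below is an added example, not part of the STIG content. It reads set-format output (as produced by `show configuration security ike | display set`) and reports each IKE gateway that does not explicitly carry `version v2-only`. The gateway names and addresses in the sample are constructed, and gateway names are assumed to contain no spaces.

```python
import re

# Constructed sample of `show configuration security ike | display set` output.
SAMPLE_CONFIG = """\
set security ike gateway HQ-GW ike-policy HQ-POL
set security ike gateway HQ-GW address 192.0.2.1
set security ike gateway HQ-GW version v2-only
set security ike gateway BRANCH-GW ike-policy BR-POL
set security ike gateway BRANCH-GW address 192.0.2.2
set security ike gateway LEGACY-GW address 192.0.2.3
set security ike gateway LEGACY-GW version v1-only
"""

# Assumption: gateway names are single tokens (no quoted names with spaces).
GATEWAY_RE = re.compile(r"^set security ike gateway (\S+)(?: (.*))?$")


def audit_ike_versions(config_text):
    """Return {gateway: version or None} for every IKE gateway seen."""
    gateways = {}
    for raw in config_text.splitlines():
        match = GATEWAY_RE.match(raw.strip())
        if not match:
            continue
        name, rest = match.group(1), (match.group(2) or "")
        gateways.setdefault(name, None)  # record the gateway even without a version line
        parts = rest.split()
        if len(parts) == 2 and parts[0] == "version":
            gateways[name] = parts[1]
    return gateways


def findings(config_text):
    """List (gateway, version) pairs that do not explicitly set v2-only."""
    return sorted(
        (name, version or "not set")
        for name, version in audit_ike_versions(config_text).items()
        if version != "v2-only"
    )


if __name__ == "__main__":
    for name, version in findings(SAMPLE_CONFIG):
        print(f"FINDING {name}: IKE version {version}")
```

A gateway with no `version` statement is reported as a finding because the procedure above requires `v2-only` to be configured on the gateway.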