Within this article we will look at the commands required for configuring a Site to Site VPN when one peer is using a dynamic IP address.<\/p>\n
Note :<\/strong><\/em> This article does not include the VPN configuration in its entirety only the additional\/amended commands required for this scenario.<\/p>\n There are 3 configuration settings that are defined. These are :<\/p>\n Below shows the 4 main configuration settings required on the SRX device configured to use a dynamic IP address.<\/p>\n Note :<\/strong><\/em> The peer IP 88.88.88.88 is the remote peer IP address.<\/p>\n root@srx100> show configuration security ipsec vpn VPN-EXAMPLE root@srx100> show configuration security ike policy IKE-POLICY root@srx100> show configuration security ike gateway IKE-PEER-STATIC Below shows the 3 main configuration settings required on the SRX device configured to use a static IP address.<\/p>\n\n
Dynamic Peer Gateway
<\/strong><\/h3>\n
ike {
gateway IKE-PEER-STATIC;
ipsec-policy IPSEC-POLICY;
}
establish-tunnels immediately;<\/strong><\/span><\/p>\n
mode aggressive;<\/span><\/strong>
proposals [ IKE-DH2-AES256-SHA1 IKE-DH2-AES256-SHA1-1 ];
pre-shared-key ascii-text “####”; ## SECRET-DATA<\/p>\n
ike-policy IKE-POLICY;
address 88.88.88.88;<\/span><\/strong>
dead-peer-detection {
interval 15;
threshold 3;
}
local-identity hostname www.fir3net.com;<\/span><\/strong>
external-interface pp0.0;<\/p>\nStatic IP Gateway
<\/strong><\/h3>\n