STIGhubSTIGhub
STIGsRMF ControlsCompare
STIGhub— A free STIG search and compliance tool·STIGs updated 3 days ago
Powered by Pylon·Privacy·Terms·© 2026 Beacon Cloud Solutions, Inc.
← Back to Juniper SRX SG VPN Security Technical Implementation Guide

V-66661

CAT II (Medium)

The Juniper SRX Services Gateway VPN must use IKEv2 for IPsec VPN security associations.

Rule ID

SV-81151r1_rule

STIG

Juniper SRX SG VPN Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000382

Discussion

Use of IKEv2 leverages DoS protections because of improved bandwidth management and leverages more secure encryption algorithms.

Check Content

Verify only IKEv2 is used for the IKE security configuration on all configured gateways. Use of IKEv1 mitigates the risk to a CAT III finding.

Show security ike gateway <VPN-GATEWAY>

If IKEv2 is not used for IKE associations, this is a finding.

Fix Text

For site-to-site VPNs, configure the Juniper SRX to use IKEv2 only.

[edit]
set security ike gateway <VPN-GATEWAY> address <GW-IP-ADDRESS>
set security ike gateway <VPN-GATEWAY> version v2-only