STIGhubSTIGhub
STIGsRMF ControlsCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • RMF Controls
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 1 hour ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Juniper SRX SG VPN Security Technical Implementation Guide

V-66661

CAT II (Medium)

The Juniper SRX Services Gateway VPN must use IKEv2 for IPsec VPN security associations.

Rule ID

SV-81151r1_rule

STIG

Juniper SRX SG VPN Security Technical Implementation Guide

Version

V1R2

CCIs

CCI-000382

Discussion

Use of IKEv2 leverages DoS protections because of improved bandwidth management and leverages more secure encryption algorithms.

Check Content

Verify only IKEv2 is used for the IKE security configuration on all configured gateways. Use of IKEv1 mitigates the risk to a CAT III finding.

Show security ike gateway <VPN-GATEWAY>

If IKEv2 is not used for IKE associations, this is a finding.

Fix Text

For site-to-site VPNs, configure the Juniper SRX to use IKEv2 only.

[edit]
set security ike gateway <VPN-GATEWAY> address <GW-IP-ADDRESS>
set security ike gateway <VPN-GATEWAY> version v2-only