STIGhubSTIGhub
STIGsSearchCompare

STIGhub

A free tool to search and browse the entire DISA STIG library. Saves up to 75% in security compliance research time.

Navigation

  • Browse STIGs
  • Search
  • Compare Versions

Resources

  • About
  • Release Notes
  • VPAT
  • DISA STIG Library
STIGs updated 5 hours ago
Powered by Pylon
© 2026 Beacon Cloud Solutions, Inc. All rights reserved.
← Back to Juniper SRX Services Gateway VPN Security Technical Implementation Guide

V-214683

CAT II (Medium)

The Juniper SRX Services Gateway VPN must use IKEv2 for IPsec VPN security associations.

Rule ID

SV-214683r997555_rule

STIG

Juniper SRX Services Gateway VPN Security Technical Implementation Guide

Version

V3R2

CCIs

CCI-000382, CCI-004866

Discussion

Use of IKEv2 leverages DoS protections because of improved bandwidth management and leverages more secure encryption algorithms.

Check Content

Verify only IKEv2 is used for the IKE security configuration on all configured gateways. Use of IKEv1 mitigates the risk to a CAT III finding.

Show security ike gateway <VPN-GATEWAY>

If IKEv2 is not used for IKE associations, this is a finding.

Fix Text

For site-to-site VPNs, configure the Juniper SRX to use IKEv2 only.

[edit]
set security ike gateway <VPN-GATEWAY> address <GW-IP-ADDRESS>
set security ike gateway <VPN-GATEWAY> version v2-only