There are a couple of things I'm not getting.
I found a doc that says to add: set security ike gateway ike-gateway1 local-identity hostname juniper.net;
But I don't know what side to put it on. Or if it goes on both sides.
So if I'm doing this:
FW1 -> FW2 -> INTERNET -> FW3 (where FW2 is the NAT, and the tunnel is configured between 1 and 3)
It would look like this on both sides?
set security ike proposal ike-Test00-proposal authentication-method pre-shared-keys
set security ike proposal ike-Test00-proposal dh-group group2
set security ike proposal ike-Test00-proposal authentication-algorithm sha1
set security ike proposal ike-Test00-proposal encryption-algorithm aes-128-cbc
set security ike policy ike-Test00-policy mode main
set security ike policy ike-Test00-policy proposals ike-Test00-proposal
set security ike policy ike-Test00-policy pre-shared-key ascii-text elvisike123
set security ike gateway gw-Test00 external-interface <outbound interface>
set security ike gateway gw-Test00 ike-policy ike-Test00-policy
set security ike gateway gw-Test00 address <public ip>
set security ike gateway gw-Test00 local-identity hostname testvpn.fqdn.com
I don't suppose anyone can point me to a doc that shows all of this in 1 place?