IKE Gateway
Focus
Focus
Network Security

IKE Gateway

Table of Contents

IKE Gateway

Where Can I Use This?
What Do I Need?
  • PAN-OS
No license required
The Palo Alto Networks firewalls or a firewall and another security device that initiate and terminate VPN connections across the two networks are called the IKE Gateways. To set up the VPN tunnel and send traffic between the IKE Gateways, each peer must have an IP address—static or dynamic—or FQDN. The VPN peers use pre-shared keys or certificates to authenticate each other mutually.
The peers must also negotiate the mode—main or aggressive—for setting up the VPN tunnel and the SA lifetime in IKE Phase 1. Main mode protects the identity of the peers and is more secure because more packets are exchanged when setting up the tunnel. Main mode is the recommended mode for IKE negotiation if both peers support it. Aggressive mode uses fewer packets to set up the VPN tunnel and is hence faster but a less secure option for setting up the VPN tunnel.
See Set Up an IKE Gateway for configuration details.

Recommended For You