You want to verify the peer before IPsec tunnel establishment.
What would be used as a final check in this scenario?
In IPsec tunnel establishment, a proxy ID is used as a final check to ensure the identity and security policies match between the peers. This is crucial for confirming the peer before the tunnel is fully established, verifying that the traffic matches what is expected according to the agreed security policies.
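The proxy ID check described above, modelled as an added example (not from the original page or from any vendor's code): each peer's local/remote/service triple must mirror the other's before the tunnel comes up. The subnets, the `ProxyID` class and the strict exact-match comparison are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class ProxyID:
    """Hypothetical model of a proxy ID: local subnet, remote subnet, service."""
    local: object
    remote: object
    service: str = "any"


def proxy_id(local, remote, service="any"):
    # Normalise the prefixes so "10.1.1.0/24" compares by value, not by string.
    return ProxyID(ip_network(local), ip_network(remote), service)


def mismatches(initiator, responder):
    """List every field where the responder is not the mirror image of the initiator.

    Assumption: strict matching. The initiator's local must equal the
    responder's remote, and vice versa, and the service must be identical.
    """
    problems = []
    if initiator.local != responder.remote:
        problems.append(f"initiator local {initiator.local} != responder remote {responder.remote}")
    if initiator.remote != responder.local:
        problems.append(f"initiator remote {initiator.remote} != responder local {responder.local}")
    if initiator.service != responder.service:
        problems.append(f"service {initiator.service} != {responder.service}")
    return problems


# Constructed sample values.
SITE_A = proxy_id("10.1.1.0/24", "10.2.2.0/24")
SITE_B = proxy_id("10.2.2.0/24", "10.1.1.0/24")
# An any-to-any proxy ID, as a side with no specific subnets configured might propose.
ANY_TO_ANY = proxy_id("0.0.0.0/0", "0.0.0.0/0")

if __name__ == "__main__":
    for name, init in (("site A", SITE_A), ("any-to-any", ANY_TO_ANY)):
        found = mismatches(init, SITE_B)
        print(name, "->", "match" if not found else found)
```

A mismatch like the second case is a common reason negotiation fails between a side configured with specific subnets and a side left at any-to-any.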
st interface
Proxy IDs are used in both route/policy based VPNs.
Mr penguin, you're correct in what you say below; however, policy based does not use tunnel interfaces, so it must be proxy ID. In route based it uses the st0 interfaces, so you are correct, but this question does not say what you are using, either route or policy based.
https://www.juniper.net/documentation/us/en/software/junos/vpn-ipsec/topics/topic-map/security-ipsec-vpn-configuration-overview.html#d135e2559 The next-hop gateways are the IP addresses for the st0 interfaces of all remote spoke peers. The next hop should be associated with the correct IPsec VPN name.