Configuring Ipsec For Secure Packet Exchange; Ipsec Tunnel Overview; Security Associations - Juniper J2300 User Manual

Chapter 23
Configuring IPSec for Secure Packet
Exchange

IPSec Tunnel Overview

Security Associations

IPSec Tunnel Overview on page 483
Before You Begin on page 484
Configuring an IPSec Tunnel with Quick Configuration on page 484
Configuring an IPSec Tunnel with a Configuration Editor on page 486
Verifying the IPSec Tunnel Configuration on page 496
An IPSec tunnel allows access to a private network through a secure tunnel.
This feature is particularly useful when a private network is divided among
multiple sites, and transit between the sites must occur on a public network.
To ensure secure transport of packets across the public network to the
multiple sites, individual tunnels are configured. Each tunnel is defined by
a local tunnel endpoint and a remote tunnel endpoint.
Packets with a destination address matching the private network prefix are
encrypted and encapsulated in a tunnel packet that is routable through the outside
network. The source address of the tunnel packet is the local gateway, and the
destination address is the remote gateway. Once the encapsulation packet reaches
the other side, the remote end determines how to route the packet.
An IPSec security association (SA) is a set of rules used by IPSec tunnel gateways
by which traffic is transported. IPSec security associations are established either
manually, through configuration statements, or by Internet Key Exchange (IKE).
In the case of manually configured security associations, the connection is
established when both ends of the tunnel are configured, and the connections
last until one of the endpoints is taken offline. For IKE security associations,
connections are established only when traffic is sent through the tunnel, and
they dissolve after a preset amount of time or traffic.
IPSec Tunnel Overview
483