Security Parameters; Figure 13: IPSec Tunneling Packet Encapsulation; Table 9: Security Parameters Used on Secure IP Interfaces - Juniper JunosE 11.2.x IP Services Configuration Manual

For E Series Broadband Services Routers - IP Services Configuration

JunosE 11.2.x IP Services Configuration Guide

Security Parameters


Figure 13: IPSec Tunneling Packet Encapsulation

Secure IP interfaces allow tunneled traffic to be secured in many ways. To do so, each
secure interface is associated with security parameters that are enforced on the traffic
that passes through it. Table 9 on page 124 briefly describes all the parameters used
for a secure IP interface.

Table 9: Security Parameters Used on Secure IP Interfaces

| Security Parameter | Description |
|---|---|
| Manual or signaled | A secure IP interface can be either manual or signaled. You can configure manual interfaces manually on both local and remote security gateways. Signaled interfaces can dynamically set up connections between security gateways using ISAKMP/IKE. |
| Operational VR | Operational parameters for the secure IP interface, including the virtual router context to which this interface belongs and the network prefix reachable through the interface. |
| Transport VR | Transport network characteristics for the tunnel, including its virtual router context and source and destination IP addresses. |
| Perfect forward secrecy (PFS) | A key-generation approach that guarantees that every newly generated session key is not in any way related to the previous keys. PFS ensures that a compromised session key does not compromise previous and subsequent keys. |
| Lifetime | A limit on time and traffic volume allowed over the interface before an SA needs to be renegotiated. |
| Inbound and outbound SAs | The actual session-related parameters used by both security gateways to secure the traffic between them. You can manually define the SA for manual secure IP tunnels, or the SA can be dynamically negotiated for signaled tunnels. Two sets of SA parameters exist: one for inbound traffic and another for outbound traffic. |
| Transform set | The set of security parameters, including protocols and algorithms, that is considered adequate to provide a required security level to the traffic flowing through an interface. |

Figure 14 on page 125 shows the relationships of the various security parameters to the
IPSec security interface. The following sections discuss each parameter in detail.
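
The perfect forward secrecy entry in Table 9, worked through as an added example that is not part of the Juniper manual: it derives SA keying material with the IKEv1 quick mode formulas from RFC 2409 section 5.5, with and without a fresh Diffie-Hellman exchange, and checks whether the key can be recomputed from the phase 1 secret alone. Assumptions: the toy DH modulus, HMAC-SHA256 as the prf, and all function names are illustrative; the manual does not describe how the router derives keys.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman parameters (assumption): a Mersenne prime keeps the demo
# short. Real IKE negotiates one of the standardized groups.
P = 2**127 - 1
G = 3


def prf(key: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 standing in for the negotiated IKE prf (assumption)."""
    return hmac.new(key, data, hashlib.sha256).digest()


def quick_mode_keymat(skeyid_d, proto_spi, ni, nr, dh_shared=b""):
    """IKEv1 quick mode KEYMAT (RFC 2409, section 5.5).

    Without PFS: prf(SKEYID_d, protocol | SPI | Ni_b | Nr_b)
    With PFS:    prf(SKEYID_d, g(qm)^xy | protocol | SPI | Ni_b | Nr_b)
    """
    return prf(skeyid_d, dh_shared + proto_spi + ni + nr)


def fresh_dh_secret() -> bytes:
    """New ephemeral exchange per SA; x and y are discarded on return."""
    x = secrets.randbelow(P - 2) + 1
    y = secrets.randbelow(P - 2) + 1
    shared = pow(pow(G, x, P), y, P)
    assert shared == pow(pow(G, y, P), x, P)  # both gateways agree
    return shared.to_bytes(16, "big")


def recomputable_from_phase1(skeyid_d, proto_spi, ni, nr, keymat) -> bool:
    """True if the SA key depends only on the phase 1 secret and nonces."""
    guess = quick_mode_keymat(skeyid_d, proto_spi, ni, nr)
    return hmac.compare_digest(guess, keymat)


def demo():
    """Return (exposed_without_pfs, exposed_with_pfs) for constructed inputs."""
    skeyid_d = secrets.token_bytes(32)            # constructed phase 1 secret
    proto_spi = b"\x03" + secrets.token_bytes(4)  # ESP protocol ID + SPI
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    no_pfs = quick_mode_keymat(skeyid_d, proto_spi, ni, nr)
    with_pfs = quick_mode_keymat(skeyid_d, proto_spi, ni, nr, fresh_dh_secret())
    return (recomputable_from_phase1(skeyid_d, proto_spi, ni, nr, no_pfs),
            recomputable_from_phase1(skeyid_d, proto_spi, ni, nr, with_pfs))
```

Without PFS, every SA negotiated under the same phase 1 secret shares that single point of failure; with PFS, each rekey triggered by the lifetime limit also costs a new DH exchange.
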
Copyright © 2010, Juniper Networks, Inc.
