Table of Contents
Advertisement
JunosE 11.2.x IP Services Configuration Guide
Configuration Tasks
Configuring an IPSec License
license ipsec-tunnels
138
nonvolatile memory. Access to the private key is never given, not even to a system
administrator or to a network management system.
The public key is used in either of the following scenarios:
A network administration system or system administrator can retrieve it so that it can
be entered into remote security gateways with which the system needs to establish
an IKE SA.
It can be given to CAs so that they can properly sign it. From there, the public key is
distributed to remote security gateways that can handle a PKI.
The public/private key pair as provided by the system supports the RSA standard (512,
1024, or 2048 bits).
The public/private key pair is a global system attribute, regardless of how many ISMs
exist in the system. Only one set of keys is available at any given time.
This section explains the steps to configure an IPSec license and IPSec parameters,
create an IPSec tunnel, and define an ISAKMP/IKE policy. The next section contains
configuration examples.
By default, and with no IPSec tunnel license, you can configure up to 10 IPSec tunnels
on an ERX router. However, you can purchase licenses that support the following IPSec
tunnel maximums:
1000
2000
4000
8000
16000
32000
The number of additional tunnels is independent of the number of ISMs installed in the
router. However, the router chassis enforces the following tunnel limits:
SRP 10G – 10,000
SRP 40G – 20,000
Copyright © 2010, Juniper Networks, Inc.
Advertisement
Table of Contents
