JunosE 11.2.x IP Services Configuration Guide
IPSec Secured-Tunnel Maximums
Platform Considerations
Module Requirements
References
276
See JunosE Release Notes , Appendix A, System Maximums corresponding to your software
release for information about the maximum number of GRE/IPSec, DVMRP/IPSec, and
L2TP/IPSec connections supported on E Series routers.
For information about modules that support L2TP and IP tunnels with IPSec on the
ERX7xx models, ERX14xx models, and the ERX310 Broadband Services Router:
See LNS and LAC support in ERX Module Guide, Table 1, Module Combinations for
detailed module specifications.
See LNS and LAC support in ERX Module Guide, Appendix A, Module Protocol Support
for information about the modules that support LNS and LAC.
For information about modules that support L2TP and IP tunnels with IPSec on the E120
and E320 Broadband Services Routers:
See LNS and LAC support in E120 and E320 Module Guide, Table 1, Modules and IOAs
for detailed module specifications.
See LNS and LAC support in E120 and E320 Module Guide, Appendix A, IOA Protocol
Support for information about the modules that support LNS and LAC.
To create IPSec-secured tunnels, you must install an IPSec Service module (ISM) in the
ERX router. The ISM is a security gateway and functions as one of the endpoints for secure
tunnels. The tunnel endpoints are the tunnel source and the tunnel destination IP
addresses. For an L2TP/IPSec tunnel, the source is the L2TP network server (LNS) and
the destination is the L2TP access concentrator (LAC).
For information about installing ISMs in the ERX routers, see the ERX Hardware Guide.
For more information about the protocols for securing L2TP and IP tunnels with IPSec,
consult the following resources:
RFC 2401—Security Architecture for the Internet Protocol (November 1998)
RFC 2661—Layer Two Tunneling Protocol " L2TP" (August 1999)
RFC 3193—Securing L2TP using IPSec (November 2001)
RFC 3715—IPsec-Network Address Transation (NAT) Compatibility Requirements
(March 2004)
Copyright © 2010, Juniper Networks, Inc.