JunosE 11.3.x IP Services Configuration Guide
Security Parameters
Figure 13: IPSec Tunneling Packet Encapsulation
Secure IP interfaces allow tunneled traffic to be secured in many ways. To do so, each
secure interface is associated with security parameters that are enforced on the traffic
passing through it. Table 9 on page 124 briefly describes all the parameters used
for a secure IP interface.
Table 9: Security Parameters Used on Secure IP Interfaces

| Security Parameter | Description |
| --- | --- |
| Manual or signaled | A secure IP interface can be either manual or signaled. You can configure manual interfaces manually on both local and remote security gateways. Signaled interfaces can dynamically set up connections between security gateways using ISAKMP/IKE. |
| Operational VR | Operational parameters for the secure IP interface, including the virtual router context to which this interface belongs and the network prefix reachable through the interface. |
| Transport VR | Transport network characteristics for the tunnel, including its virtual router context and source and destination IP addresses. |
| Perfect forward secrecy (PFS) | A key-generation approach that guarantees that every newly generated session key is not in any way related to the previous keys. PFS ensures that a compromised session key does not compromise previous and subsequent keys. |
| Lifetime | A limit on time and traffic volume allowed over the interface before an SA needs to be renegotiated. |
| Inbound and outbound SAs | The actual session-related parameters used by both security gateways to secure the traffic between them. You can manually define the SA for manual secure IP tunnels, or the SA can be negotiated dynamically for signaled tunnels. Two sets of SA parameters exist: one for inbound traffic and another for outbound traffic. |
| Transform set | The set of security parameters, including protocols and algorithms, that is considered adequate to provide a required security level to the traffic flowing through an interface. |
Figure 14 on page 125 shows the relationships of the various security parameters to the
IPSec security interface. The following sections discuss each parameter in detail.
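
The PFS row in Table 9 can be made concrete with the IKEv1 Quick Mode key derivation from RFC 2409, which the guide does not spell out. The following Python sketch is an added example, not code from the guide or from JunosE; the toy Diffie-Hellman group, HMAC-SHA256 as the prf, and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (assumption, illustration only); IKE uses large MODP groups.
P, G = 2**127 - 1, 3
PROTO_IPSEC_ESP = 3  # ISAKMP protocol ID for ESP (RFC 2407)

def prf(key, data):
    # Assumption: HMAC-SHA256 stands in for the negotiated prf.
    return hmac.new(key, data, hashlib.sha256).digest()

def keymat(skeyid_d, spi, ni, nr, dh_shared=b""):
    # RFC 2409 section 5.5: KEYMAT = prf(SKEYID_d, [g(qm)^xy |] protocol | SPI | Ni_b | Nr_b)
    return prf(skeyid_d, dh_shared + bytes([PROTO_IPSEC_ESP]) + spi + ni + nr)

def quick_mode(skeyid_d, pfs):
    """Simulate one SA negotiation; return (KEYMAT, values carried in the exchange)."""
    seen = {"spi": secrets.token_bytes(4),
            "ni": secrets.token_bytes(16), "nr": secrets.token_bytes(16)}
    dh_shared = b""
    if pfs:
        # Fresh ephemeral exponents per SA; only the public values are exchanged.
        x, y = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
        seen["gx"], seen["gy"] = pow(G, x, P), pow(G, y, P)
        dh_shared = pow(seen["gy"], x, P).to_bytes(16, "big")
    return keymat(skeyid_d, seen["spi"], seen["ni"], seen["nr"], dh_shared), seen

def exposed_sa_keys(pfs, rekeys=3):
    """Count SA keys recomputable from a leaked SKEYID_d plus the recorded exchanges."""
    skeyid_d = secrets.token_bytes(32)  # phase 1 secret shared by all rekeys
    exposed = 0
    for _ in range(rekeys):
        real, seen = quick_mode(skeyid_d, pfs)
        # The holder of the leak has no ephemeral exponent, so cannot form g(qm)^xy.
        guess = keymat(skeyid_d, seen["spi"], seen["ni"], seen["nr"])
        exposed += hmac.compare_digest(real, guess)
    return exposed

if __name__ == "__main__":
    print("without PFS:", exposed_sa_keys(pfs=False), "of 3 SA keys recoverable")
    print("with PFS:   ", exposed_sa_keys(pfs=True), "of 3 SA keys recoverable")
```

Without PFS, every rekey within the SA lifetime still derives from the same phase 1 secret, so shortening the lifetime alone does not separate the keys from one another.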
Copyright © 2010, Juniper Networks, Inc.