Other Security Features; IP Security Policies; ESP Processing; AH Processing - Juniper JunosE Software for E Series 11.3.x - IP Services Configuration Guide (2010-10-01) Configuration Manual

JunosE 11.3.x IP Services Configuration Guide (page 132)

Other Security Features
Negotiating Transforms
Inside a transform set, IPSec transforms are numbered in a priority sequence. When the router negotiates a user SA as the initiator, it proposes transform number one first. If the remote system does not accept that transform, the router proposes number two, and so on down the set. If the two end systems cannot agree on any transform, the user SA fails and the secure IP tunnel is not established.
When the router negotiates as the responder, it compares the transform proposed by the remote end against each transform in its transform set. If no transform matches, the router returns a negative answer, and the remote end can either propose another transform or give up. If the remote end runs out of proposals without a match, the secure IP tunnel is not established.
Because the initiator walks down its list until something is accepted, any transform that appears in the set can end up being negotiated, however low its priority. A weak transform left in the set for compatibility is therefore a downgrade path whenever the peer accepts nothing stronger; remove it rather than relying on its position.
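The following Python model, added here as an illustration and not code from the JunosE manual or from Juniper, walks through both roles described above: the initiator proposes transforms in priority order and stops at the first acceptance, while the responder accepts any proposal that matches an entry in its own set, regardless of local ordering. The transform sets, the Transform fields and the router names are constructed for the example; the point it adds is the downgrade shown in the first scenario, where a DES transform listed third is what finally gets negotiated.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Transform:
    """One IPSec transform: protocol, cipher (ESP only) and authentication algorithm.
    Field names are an assumption of this example, not JunosE configuration syntax."""
    protocol: str   # "esp" or "ah"
    cipher: str     # "3des", "des" or "none" (AH carries no cipher)
    auth: str       # "hmac-sha" or "hmac-md5"


def respond(local_set, proposal):
    """Responder role: accept the remote proposal if it matches any transform in
    the local set. The position of the matching transform in the local priority
    order does not matter; a match anywhere is a positive answer."""
    return proposal in local_set


def negotiate_as_initiator(local_set, remote_set):
    """Initiator role: propose transform 1, then 2, and so on, stopping at the
    first proposal the responder accepts. Returns (number, transform, trace);
    number is None when no transform is agreed and the user SA fails."""
    trace = []
    for number, proposal in enumerate(local_set, start=1):
        accepted = respond(remote_set, proposal)
        trace.append((number, proposal, "accept" if accepted else "reject"))
        if accepted:
            return number, proposal, trace
    return None, None, trace


# Constructed transforms for the scenarios below.
STRONG = Transform("esp", "3des", "hmac-sha")
MEDIUM = Transform("esp", "3des", "hmac-md5")
WEAK = Transform("esp", "des", "hmac-sha")
AH_ONLY = Transform("ah", "none", "hmac-sha")


def negotiation_demo():
    """Three constructed scenarios: a downgrade to DES, a total failure, and the
    same peers after DES is removed from the initiator's set."""
    router_a = [STRONG, MEDIUM, WEAK]   # prefers 3DES but still lists single DES as number 3
    router_b = [WEAK]                   # peer was only ever configured with DES
    number, chosen, trace = negotiate_as_initiator(router_a, router_b)

    # Nothing in common between the sets: every proposal is rejected, no tunnel.
    failed_number, _, failed_trace = negotiate_as_initiator(router_a, [AH_ONLY])

    # Removing DES from router A turns the silent downgrade into an explicit failure,
    # which is the outcome an operator can notice and fix on the peer.
    hardened_number, _, _ = negotiate_as_initiator([STRONG, MEDIUM], router_b)

    return {
        "chosen_number": number,
        "chosen": chosen,
        "rounds": len(trace),
        "failed_number": failed_number,
        "failed_rounds": len(failed_trace),
        "hardened_number": hardened_number,
    }


if __name__ == "__main__":
    for key, value in negotiation_demo().items():
        print(f"{key}: {value}")
```

The trace returned by negotiate_as_initiator records each proposal and the responder's answer, which is the same information a practitioner would look for in IKE debug output when a tunnel comes up with a weaker transform than expected.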
The following sections briefly describe other supported security features for the ERX
routers. These features include the following:
"IP Security Policies" on page 132
"ESP Processing" on page 132
"AH Processing" on page 132
This section also provides a pointer to the IPSec system maximums.

IP Security Policies

The ERX router does not support a systemwide security policy database (SPD). Instead, it relies on routing to forward traffic to and from a secure tunnel: a packet reaches a tunnel because a route points at it, not because an SPD entry selected it. The router still applies IPSec selectors to traffic entering or leaving a secure tunnel so that unwanted traffic is not allowed inside the tunnel. Supported selectors are IP addresses, subnets, and IP address ranges.
Because routing rather than policy decides which packets reach a tunnel, the selectors are the only check that a packet belongs there. When auditing a tunnel, verify both the routes that steer traffic into it and the selectors that bound what it will carry.
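The following Python example is added here to show the selector check described above; it is not code from the JunosE manual or from Juniper. It implements the three selector kinds the manual lists (single address, subnet, address range) and applies them in both directions of a tunnel. The textual selector syntax, the local/remote split and the packets are assumptions constructed for the example, and the check rejects a spoofed packet whose source is a remote address but which arrives on the outbound side.

```python
import ipaddress


def parse_selector(text):
    """Turn one selector string into a match function. The three accepted forms
    mirror the selector kinds the manual lists: a single address ("10.1.1.5"),
    a CIDR subnet ("10.1.0.0/16") and an inclusive range ("10.2.0.1-10.2.0.50").
    The string syntax is an assumption of this example, not JunosE CLI syntax."""
    if "-" in text:
        first, last = (ipaddress.ip_address(p.strip()) for p in text.split("-", 1))
        if last < first:
            raise ValueError(f"range end precedes start: {text}")
        return lambda addr: first <= addr <= last
    if "/" in text:
        network = ipaddress.ip_network(text, strict=True)
        return lambda addr: addr in network
    host = ipaddress.ip_address(text)
    return lambda addr: addr == host


class TunnelSelectors:
    """Selectors for one secure tunnel: which local addresses may exchange
    traffic with which remote addresses through it. A packet that routing has
    steered at the tunnel but that matches no selector pair is not admitted."""

    def __init__(self, local, remote):
        self.local = [parse_selector(s) for s in local]
        self.remote = [parse_selector(s) for s in remote]

    @staticmethod
    def _any(rules, addr):
        return any(rule(addr) for rule in rules)

    def admit(self, src, dst, direction):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if direction == "out":   # entering the tunnel: local source, remote destination
            return self._any(self.local, src) and self._any(self.remote, dst)
        if direction == "in":    # leaving the tunnel: remote source, local destination
            return self._any(self.remote, src) and self._any(self.local, dst)
        raise ValueError(f"unknown direction {direction!r}")


def selector_demo():
    """Constructed selectors and packets; returns one admit/refuse verdict per packet."""
    sel = TunnelSelectors(local=["10.1.0.0/16", "192.168.5.10"],
                          remote=["10.2.0.1-10.2.0.50", "172.16.0.0/12"])
    packets = [
        ("10.1.3.4", "10.2.0.20", "out"),       # inside both selectors: admitted
        ("10.1.3.4", "10.2.0.51", "out"),       # one past the end of the range: refused
        ("10.2.0.20", "10.1.3.4", "in"),        # return traffic: admitted
        ("10.2.0.20", "10.1.3.4", "out"),       # remote address as outbound source: refused
        ("192.168.5.10", "172.20.1.1", "out"),  # host selector plus subnet selector: admitted
        ("10.1.3.4", "8.8.8.8", "out"),         # destination outside every selector: refused
    ]
    return [sel.admit(*p) for p in packets]


if __name__ == "__main__":
    print(selector_demo())
```

The asymmetry between "out" and "in" is deliberate: a selector pair is checked with the roles of the two sides swapped for the return direction, so a local address can never appear as the source of traffic coming out of the tunnel.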

ESP Processing

The router supports both the encryption and authentication functions of ESP encapsulation as defined in RFC 2406. Specifically, the router supports:
DES and 3DES encryption algorithms
HMAC-SHA and HMAC-MD5 authentication algorithms
ESP security options on a per-tunnel (per-SA) basis
Tunnel mode
Of the two ciphers, single DES uses a 56-bit key and is not adequate against a determined attacker; where the peer allows it, configure 3DES with HMAC-SHA and place that transform first in the transform set.

AH Processing

The router supports AH encapsulation as defined in RFC 2402. Specifically, the router supports:
HMAC-SHA and HMAC-MD5 authentication algorithms
AH authentication options on a per-tunnel (per-SA) basis
AH provides integrity and origin authentication only; it does not encrypt. Unlike ESP authentication, its integrity check also covers the outer IP header, with the fields that routers legitimately change in transit (such as TTL and the header checksum) excluded from the computation.
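The following Python example, added here and not taken from the JunosE manual or from Juniper, shows the authentication computation that both the ESP and AH sections above rely on: an HMAC-SHA-1 or HMAC-MD5 integrity check value truncated to 96 bits (RFC 2404 and RFC 2403). For AH it builds a packet over a minimal IPv4 header, zeroes the mutable header fields before computing the ICV, and verifies the packet again after a simulated router hop has decremented the TTL; for ESP it computes the ICV over the SPI, sequence number and encrypted body only. The key, addresses, SPI and payload are constructed for the example, the ESP body is a placeholder byte string standing in for ciphertext (the example does not implement DES or 3DES), and the packet layout assumes an IPv4 header without options.

```python
import hashlib
import hmac
import socket
import struct

AH_PROTO = 51   # IP protocol number carried in the outer header for AH
ICV_LEN = 12    # HMAC-SHA-1-96 and HMAC-MD5-96 keep the first 96 bits (RFC 2404, RFC 2403)
DIGESTS = {"hmac-sha": hashlib.sha1, "hmac-md5": hashlib.md5}
IPV4_FMT = "!BBHHHBBH4s4s"


def truncated_hmac(alg, key, data):
    return hmac.new(key, data, DIGESTS[alg]).digest()[:ICV_LEN]


def ip_checksum(header):
    """Standard ones-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    total = (total >> 16) + (total & 0xFFFF)
    total += total >> 16
    return (~total) & 0xFFFF


def ipv4_header(src, dst, total_length, ttl=64, proto=AH_PROTO):
    """Minimal IPv4 header (no options, DF set) with a valid checksum; constructed for the example."""
    fields = [0x45, 0, total_length, 0x1234, 0x4000, ttl, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = ip_checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields)


def zero_mutable_fields(header):
    """AH zeroes the fields a router may change in transit before computing the
    ICV: TOS, flags and fragment offset, TTL, header checksum (RFC 2402)."""
    h = bytearray(header)
    h[1] = 0                  # TOS / DSCP
    h[6:8] = b"\x00\x00"      # flags + fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h)


def build_ah_packet(alg, key, src, dst, spi, seq, next_header, payload):
    # AH header: next header, payload length (AH length in 32-bit words minus 2,
    # which is 4 for a 96-bit ICV), reserved, SPI, sequence number, then the ICV.
    ah_no_icv = struct.pack("!BBHII", next_header, 4, 0, spi, seq)
    ip_hdr = ipv4_header(src, dst, 20 + len(ah_no_icv) + ICV_LEN + len(payload))
    covered = zero_mutable_fields(ip_hdr) + ah_no_icv + bytes(ICV_LEN) + payload
    return ip_hdr + ah_no_icv + truncated_hmac(alg, key, covered) + payload


def verify_ah_packet(alg, key, packet):
    ip_hdr, ah_no_icv, icv, payload = packet[:20], packet[20:32], packet[32:44], packet[44:]
    covered = zero_mutable_fields(ip_hdr) + ah_no_icv + bytes(ICV_LEN) + payload
    return hmac.compare_digest(icv, truncated_hmac(alg, key, covered))


def forward_hop(packet):
    """Simulate one router on the path: decrement TTL and rewrite the IP checksum."""
    p = bytearray(packet)
    p[8] -= 1
    p[10:12] = b"\x00\x00"
    p[10:12] = struct.pack("!H", ip_checksum(bytes(p[:20])))
    return bytes(p)


def esp_icv(alg, key, spi, seq, encrypted_body):
    """ESP's ICV covers the SPI, the sequence number and everything after them
    (encrypted payload, padding, pad length, next header) but not the ICV itself
    (RFC 2406); the outer IP header is not covered, which is the difference from AH."""
    return truncated_hmac(alg, key, struct.pack("!II", spi, seq) + encrypted_body)


def ah_demo():
    key = bytes(range(20))   # constructed 160-bit HMAC-SHA key; real SA keys come from IKE
    pkt = build_ah_packet("hmac-sha", key, "10.1.1.1", "10.2.2.2",
                          0x1000, 7, 4, b"inner packet bytes")   # next header 4: IP-in-IP (tunnel mode)
    in_transit = forward_hop(pkt)
    tampered = in_transit[:-5] + b"XXXXX"
    return {
        "verifies_at_sender": verify_ah_packet("hmac-sha", key, pkt),
        "verifies_after_hop": verify_ah_packet("hmac-sha", key, in_transit),
        "rejects_tampered": not verify_ah_packet("hmac-sha", key, tampered),
        "rejects_wrong_key": not verify_ah_packet("hmac-sha", key[::-1], in_transit),
        "esp_icv_len": len(esp_icv("hmac-md5", key[:16], 0x2000, 1, b"placeholder ciphertext")),
    }


if __name__ == "__main__":
    print(ah_demo())
```

The hop simulation is the part worth studying: the TTL and checksum change on every hop, so if AH covered them verbatim no packet would ever verify at the far end, which is why the mutable fields are zeroed on both sides before the HMAC is computed.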
Copyright © 2010, Juniper Networks, Inc.
