CHAPTER 8
Understanding IPSec-NM
•
Overview of IP Security on page 169
•
Configuring IP Security Network Manager on page 170
•
Configuring IPSec-NM Interfaces on page 171
•
Configuring AutoKey Internet Key Exchange on page 172
•
Configuring IPSec on page 175
•
Example: Configuring IKE, IPSec, and Security Zones on page 177
Overview of IP Security
IP Security (IPSec) provides a secure way to authenticate senders and encrypt IP version
4 (IPv4) and version 6 (IPv6) traffic between network devices, such as routers and hosts.
IPSec offers network administrators and their users the benefits of data confidentiality,
data integrity, sender authentication, and anti-replay services. IPSec is increasingly
becoming a critical component in today’s contemporary IP networks.
IPSec is a framework for ensuring secure private communication over IP networks and
is based on standards developed by the International Engineering Task Force (IETF).
IPSec provides security services at the network layer of the Open Systems Interconnection
(OSI) model by enabling a system to select required security protocols, determine the
algorithms to use for the security services, and implement any cryptographic keys required
to provide the requested services. You can use IPSec to protect one or more paths
between a pair of hosts, between a pair of security gateways (such as routers), or between
a security gateway and a host.
The native IPSec virtual private network (VPN) supported on JUNOS is used in various
Juniper products to provide secure VPN connectivity. To address certain use cases, the
IPSec VPN functionality depends on various JUNOS components and interworks across
the modules. With the emergence of advanced technologies such as software-defined
networking (SDN), network functions virtualization (NFV), and cloud services, Juniper
IPSec VPN needed to be flexible with more efficient security solutions. To address such
use cases, Juniper Networks introduced containerized SRX (cSRX) support and IPSec is
also added to cSRX. Additionally, Juniper Networks introduced IP Security Network
Manager (IPSec-NM) , which offers a security management solution by using IPSec in
cSRX to protect management traffic flowing into Juniper VM.
The following features are supported on IPSec:
169Copyright © 2017, Juniper Networks, Inc.
To Next Page
Loading...
