• Anti-replay services
• Internet Key Exchange (IKE) gateway
• Internet Key Exchange (IKE) v1 policy in Aggressive and Main mode with pre-shared key (PSK).
• One IKE security association (SA) with multiple IPSec SAs based on traffic selector.
• Traffic selector based tunnel establishment (not route based and no routing protocol over tunnel).
• Xauth client with config mode for internal IP attribute.
• key id, hostname, distinguished name, user@hostname, inet, and inet6 support as local and remote identity.
• Initiator to establish IPSec VPN tunnels immediately.
• IPv4 and IPv6 addresses for IPSec VPN tunnel source and destination.
• Encryption algorithms such as DES, 3DES, AES-128, and AES-256.
• Authentication algorithms such as MD5, SHA1, and SHA-256.
• Diffie-Hellman groups (dh-groups) such as 2, 5, 14, and 19.
• Dead peer detection (DPD)
• Perfect Forward Secrecy (PFS)
• NAT-T
• Tunnel mode
• Traffic selector based tunnel establishment
The terminology and components of IPSec can be intimidating to first-time users.
However, if you learn a few key concepts, you can quickly master and deploy IPSec in
your network. The main concepts you need to understand are as follows:
• Authentication Algorithms
• Encryption Algorithms
• IPsec Protocols
• IPsec Security Associations Overview
• IPSec Modes
Configuring IP Security Network Manager
IP Security Network Manager (IPSec-NM) is a network management system that offers
confidentiality, security, and authentication of data that is shared within a network. It
provides data security at the IP layer of the network.
The following features are supported on IPSec-NM:
Copyright © 2017, Juniper Networks, Inc.
JDM User Guide for NFX250 Network Services Platform