ESP Processing
The router supports both the encryption and authentication functions of ESP
encapsulation as defined in RFC 2406. Specifically, the router supports:
■ DES and 3DES encryption algorithms
■ The HMAC-SHA and HMAC-MD5 authentication algorithms
■ ESP security options on a per-tunnel (per-SA) basis
■ Tunnel mode
AH Processing
The router supports AH encapsulation as defined in RFC 2402. Specifically, the router
supports:
■ HMAC-SHA and HMAC-MD5 authentication algorithms
■ AH authentication options on a per-tunnel (per-SA) basis
■ Tunnel mode
IPSec Maximums Supported
See JUNOSe Release Notes, Appendix A, System Maximums corresponding to your
software release for information about maximum values.
DPD and IPSec Tunnel Failover
Dead peer detection (DPD) is a keepalive mechanism that enables the E Series router
to detect when the connection between the router and a remote IPSec peer has been
lost. DPD enables the router to reclaim resources and to optionally redirect traffic to
an alternate failover destination. If DPD is not enabled, the traffic continues to be
sent to the unavailable destination.
When a disconnected state is detected between the E Series router and an IPSec
peer, the router:
■ Tears down the IPSec connection and displays the interface's state as down in output for the show ipsec tunnel detail command
■ Clears all SAs that were established between the two endpoints
■ Stops forwarding packets to the unavailable destination
■ Generates SNMP traps
■ Allows routing protocols running on the IP interfaces on top of the failed IPSec tunnel to switch to alternate paths
■ (Optional) Redirects traffic to an alternate tunnel destination
Chapter 5: Configuring IPSec, JUNOSe 11.1.x IP Services Configuration Guide