Internet Protocol Security (IPsec)

IP Security (IPsec) is a suite of related protocols for cryptographically securing communications at the IP Packet Layer. IPsec also provides methods for the manual and automatic negotiation of security associations (SAs) and key distribution, all the attributes for which are gathered in a Domain of Interpretation (DOI). The IPsec DOI is a document containing definitions for all the security parameters required for the successful negotiation of a VPN tunnel—essentially, all the attributes required for SA and IKE negotiations. See RFC 2407 and RFC 2408 for more information.

For information about which devices support the features documented in this chapter, see the JUNOS Software Feature Support Reference for SRX Series and J Series Devices.

This chapter includes the following topics:

• Virtual Private Networks (VPNs) Overview
• Understanding IKE and IPsec Packet Processing
• Configuring an IPsec Tunnel—Overview
• Configuring VPN Global Settings (Standard VPNs)
• Configuring IPSec VPN Global Settings in J-Web (Standard VPNs)
• Configuring an IKE Phase 1 Proposal (Standard and Dynamic VPNs)
• Configuring Auto Tunnel in J-Web (Standard VPN)
• Configuring an IKE Policy (Standard and Dynamic VPNs)
• Configuring an IKE Gateway (Standard and Dynamic VPNs)
• Configuring an IPsec Phase 2 Proposal (Standard and Dynamic VPNs)
• Configuring an IPsec Policy (Standard and Dynamic VPNs)
• Configuring IPsec AutoKey (Standard and Dynamic VPNs)
• Configuring the Manual Tunnel using J-Web
• Configuring Hub-and-Spoke VPNs