Configure Encryption Interfaces
The Internet Protocol security architecture (IPSec) provides a security suite for the IPv4 and IPv6 network layers. The suite provides functionality such as authentication of origin, data integrity, confidentiality, replay protection, and non-repudiation of source. It also defines mechanisms for key generation and exchange, management of security associations, and support for digital certificates.
IPSec defines a security association (SA) and key management framework that can be used with any network layer protocol. The SA specifies what protection policy to apply to traffic between two IP-layer entities. For more information, see the JUNOS Internet Software Configuration Guide: Getting Started. The standards are defined in the following RFCs:
- RFC 2401, Security Architecture for the Internet Protocol
- RFC 2406, IP Encapsulating Security Payload (ESP)
To enable encryption interfaces, you can configure the following properties: