Apply IPSec Security Association

IPSec can be applied to BGP traffic. IPSec is a protocol suite used for protecting IP traffic at the packet level. IPSec is based on security associations (SAs). A security association is a simplex connection that provides security services to the packets carried by the SA. After configuring the security association, you can apply the SA to BGP peers.

To apply a security association, include the ipsec-sa statement:

ipsec-sa ipsec-sa; 

You can apply a security association globally for all BGP groups (at the [edit protocols bgp] hierarchy level), for all peers in a group (at the [edit protocols bgp group group-name] level), or for an individual peer (at the [edit protocols bgp group group-name neighbor address] level). For routing instances, include the statement at the [edit routing-instances routing-instance-name protocols bgp] hierarchy level, [edit routing-instances routing-instance-name protocols bgp group group-name] hierarchy level, and the [edit routing-instances routing-instance-name protocols bgp group group-name neighbor address] hierarchy level. The security association is identified by the SA name.

A more specific security association overrides a less general SA. For example, if a specific SA is applied to a specific peer, that SA overrides the SA applied to the whole peer group.

For more detailed information about configuring IPSec security associations, see the JUNOS Internet Software Configuration Guide: Getting Started.