Configure Encryption Interfaces
The Internet Protocol Security (IPSec) architecture provides a security suite for the IPv4 and IPv6 network layers. The suite provides functionality such as authentication of origin, data integrity, confidentiality, replay protection, and non-repudiation of source. It also defines mechanisms for key generation and exchange, management of security associations, and support for digital certificates.
IPSec defines a security association (SA) and key management framework that can be used with any network layer protocol. The SA specifies what protection policy to apply to traffic between two IP-layer entities. For more information, see the JUNOS System Basics Configuration Guide. The standards are defined in the following RFCs:
- RFC 2401, Security Architecture for the Internet Protocol
- RFC 2406, IP Encapsulating Security Payload (ESP)
To enable encryption interfaces, you can configure the following properties:
- Configure an Encryption Interface
- Configure ES PIC Redundancy
- Configure ES PIC Redundancy
- Configure IPSec Tunnel Redundancy
For detailed information about configuring the ES PIC, see the JUNOS Services Interfaces Configuration Guide.