You can apply IPSec to BGP traffic. IPSec is a protocol suite used for protecting IP traffic at the packet level. IPSec is based on security associations (SAs). A security association is a simplex connection that provides security services to the packets carried by the SA. After configuring the security association, you can apply the SA to BGP peers.
To apply a security association, include the ipsec-sa statement:

    ipsec-sa ipsec-sa;

For a list of hierarchy levels at which you can configure this statement, see the statement summary section for this statement. The security association is identified by the SA name.
NOTE: Tunnel mode requires the ES PIC.
In transport mode, the JUNOS software does not support authentication header (AH) or encapsulating security payload (ESP) header bundles.
A more specific security association overrides a more general SA. For example, if an SA is applied to a specific peer, that SA overrides the SA applied to the whole peer group.
For more detailed information about configuring IPSec security associations, see the JUNOS System Basics Configuration Guide.
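The override rule described above, shown as an added configuration example that is not taken from the JUNOS documentation. The SA names (sa-group, sa-peer), the group name, the addresses, the AS number, the SPI values, and the key strings are all constructed placeholders; it assumes manual transport-mode SAs using AH only, in line with the transport-mode restriction noted above.

```junos
/* Added example: all names, addresses, SPIs and keys are placeholders. */
security {
    ipsec {
        /* General SA, applied to the whole peer group below. */
        security-association sa-group {
            mode transport;
            manual {
                direction bidirectional {
                    protocol ah;
                    spi 256;
                    authentication {
                        algorithm hmac-sha1-96;
                        key ascii-text "<20-character-key-A>";
                    }
                }
            }
        }
        /* Specific SA, applied to a single peer below. */
        security-association sa-peer {
            mode transport;
            manual {
                direction bidirectional {
                    protocol ah;
                    spi 257;
                    authentication {
                        algorithm hmac-sha1-96;
                        key ascii-text "<20-character-key-B>";
                    }
                }
            }
        }
    }
}
protocols {
    bgp {
        group ebgp-peers {
            type external;
            peer-as 64511;
            ipsec-sa sa-group;          /* used by every peer in the group ... */
            neighbor 192.0.2.1;         /* ... so this peer uses sa-group */
            neighbor 192.0.2.2 {
                ipsec-sa sa-peer;       /* peer-level SA overrides sa-group */
            }
        }
    }
}
```

With manual SAs, each remote peer must be configured with the same SPI, algorithm, and key as the SA applied to its session, or the BGP session will not establish.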