Junos VPN Site Secure

Secure network communications over VPNs

Junos VPN Site Secure uses various standard encryption techniques to secure network communications between the customer premise and the network edge to add security to traffic over Layer 3 VPNs.

    Junos VPN Site Secure


    Junos VPN Site Secure uses an IPsec VPN tunnel that consists of tunnel setup and applied security. During tunnel setup, the peers establish security associations (SAs) that define the parameters for securing traffic between them. After the tunnel is established, it protects the traffic sent between the two tunnel endpoints by applying the defined security parameters. Junos VPN Site Secure protects user data via IPsec encryption. Tunnel mode is useful for protecting traffic between different networks when traffic must pass through an intermediate untrusted network.

    Junos VPN Site Secure implements IPsec encryption using Advanced Encryption Standard (AES), Data Encryption Standard (DES), and triple Data Encryption standard (3DES). Enterprises can provide IPsec encryption to enhance end-user security. Providers can offer IPsec encryption of access links from the customer premise’s device to the provider edge router, charging a premium for secure access to the network. The packets can then be securely forwarded or mapped into Layer 3 VPNs for transport across the provider network.

    This application is particularly useful when offering a service to a customer whose access links are provisioned by a third-party provider. Providers can offer IPsec encryption of unicast or multicast traffic over Layer 3 VPNs for an added layer of security for the most concerned customers. IPsec can also be used to encrypt backhaul traffic by setting up encrypted tunnels across untrusted, third-party wholesale networks.


    • Unified Remote and Local Solution integrates with AAA schemes to provide remote and local secure access with Unified Access Control (UAC).
    • Dynamic Policy-Driven Security Enforcement coordinates enforcement between Junos Pulse client, MAG Series, SRX Series, EX Series, and any vendor-agnostic 802.1X device.
    • Broad Coverage supports BYOD initiatives across a broad range of devices.
    • Single Sign-On provides simplified user experience and consistent, seamless, secure remote and extensible corporate network and cloud resource access.
    • Host Checker ensures that authorized device meets enterprise security policy requirements, remediates or quarantines as necessary.
    • Session Federation enables seamless transition between SSL/VPN to UAC-based LAN for quality user experience.
    • Endpoint Profiler provides security and unauthorized access for unmanaged endpoints such as printers.
    • Certifications include Federal Information Processing Standards (FIPS), CC, NIST-B, NIAP-Common Criteria, and others.
    • Virtual Appliance is available for both SSL/VPN and UAC for greater deployment flexibility.

    Resources for the Junos VPN Site