Configuring IPsec VPN in FIPS mode

 

An IPsec tunnel provides device authentication, confidentiality, and integrity for information traversing a public or untrusted network. This section provides the commands for configuring IPsec in FIPS mode.

Figure 1 shows the IPsec VPN tunnel topology.

Figure 1: IPsec VPN Tunnel Topology

Configuring IPsec VPN Service on Router 1

In this section, you configure Router 1 running Junos OS for IPsec VPN.

  1. Configuring service set and VPN rules on Router 1.
    Note

    In FIPS mode, use the prompt command to set the pre-shared key. When prompted for the secret, type the pre-shared key in ASCII format, as shown below.

    prompt services ipsec-vpn ike policy ike_policy1 pre-shared-key ascii-text
  2. Configuring interfaces on Router 1.
  3. Configuring routing options on Router 1.

Configuring IPsec VPN Service on Router 2

In this section, you configure Router 2 running Junos OS for IPsec VPN.

  1. Configuring service set and VPN rules on Router 2.
  2. Configuring interfaces on Router 2.
  3. Configuring routing options on Router 2.

Verification

Verifying IPsec VPN tunnel

Purpose

Verify that the IPsec VPN tunnel is created.

Action

crypto-officer@hostname:fips> show services ipsec-vpn ike security-associations detail
crypto-officer@hostname:fips> show services ipsec-vpn ipsec security-associations detail