Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

TechLibrary
Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    System Basics: Security Services Configuration Guide

    Junos OS supports the IP Security (IPsec) associations and the Internet Key Exchange (IKE) security services features. The IPsec suite provides network layer data security with functions such as authentication of origin, data integrity, confidentiality, replay protection, and nonrepudiation of source. IKE defines mechanisms for key generation and exchange and manages security associations (SAs). An SA is a simplex connection that allows two hosts to communicate with each other securely by means of IPsec. Use the topics in this section to configure essential security services.

            

    Junos OS System Basics Configuration Guide

    Configuring IPsec for an ES PIC

    Configuring Minimum Manual Security Associations for IPsec on an ES PIC

    Configuring Minimum IKE Requirements for IPsec on an ES PIC

    Configuring Minimum Digital Certificate Requirements for IKE on an ES PIC

    Configuring Security Associations for IPsec on an ES PIC

    Configuring Manual IPsec Security Associations for an ES PIC

    Configuring Dynamic IPsec Security Associations

    Configuring an IKE Proposal for Dynamic SAs

    Example: Configuring an IKE Proposal

    Configuring an IKE Policy for Preshared Keys

    Example: Configuring an IKE Policy

    Configuring an IPsec Proposal for an ES PIC

    Configuring the IPsec Policy for an ES PIC

    Example: Configuring an IPsec Policy

    Configuring Internal IPsec for Junos-FIPS

    Example: Configuring Internal IPsec

    Configuring Digital Certificates for ES and AS PICs

    Configuration Statements for Setting Up Digital Certificates for an ES PIC

    Obtaining a Certificate from a Certificate Authority for an ES PIC

    Requesting a CA Digital Certificate for an ES PIC on an M Series or T Series Router

    Example: Requesting a CA Digital Certificate

    Generating a Private and Public Key Pair for Digital Certificates for an ES PIC

    Obtaining a Signed Certificate from the CA for an ES PIC

    Configuring Digital Certificates for an ES PIC

    Configuring an IKE Policy for Digital Certificates for an ES PIC

    Associating the Configured Security Association with a Logical Interface

    Configuring Digital Certificates for Adaptive Services Interfaces

    Configuring the Auto-Reenrollment Properties for Automatic Renewal of the Router Certificate from the CA

    Configuring Traffic Filters and Tracing Operations

    Example: Configuring an Outbound Traffic Filter

    Example: Applying an Outbound Traffic Filter

    Example: Configuring an Inbound Traffic Filter for a Policy Check

    Example: Applying an Inbound Traffic Filter to an ES PIC for a Policy Check

    Configuring Tracing Operations for Security Services

    Configuring Tracing Operations for IPsec Events for Adaptive Services PICs

    Configuring Authentication Key Updates

    Configuring the Authentication Key Update Mechanism for BGP and LDP Routing Protocols

    Configuring Keys for SSH and SSL

    Configuring SSH Host Keys for Secure Copying of Data

    Importing SSL Certificates for Junos XML Protocol Support

    Configuration Statements

    [edit security] Hierarchy Level

    algorithm (Authentication Keychain)

    algorithm (Junos FIPS)

    authentication (Security IPsec)

    authentication-algorithm (Security IKE)

    authentication-algorithm (Security IPsec)

    authentication-key-chains

    authentication-method

    auto-re-enrollment

    auxiliary-spi

    ca-identity

    ca-name

    ca-profile

    cache-size

    cache-timeout-negative

    certificate-id

    certificates

    certification-authority

    challenge-password

    crl (Adaptive Services Interface)

    crl (Encryption Interface)

    description (Authentication Keychain)

    description (IKE policy)

    dh-group

    direction (Junos OS)

    direction (Junos-FIPS Software)

    dynamic

    encoding

    encryption (Junos OS)

    encryption (Junos-FIPS Software)

    encryption-algorithm

    enrollment

    enrollment-retry

    enrollment-url

    file

    identity

    ike

    internal

    ipsec (Security)

    key (Authentication Keychain)

    key (Junos FIPS)

    key-chain (Security)

    ldap-url

    lifetime-seconds (Security)

    local

    local-certificate (Security)

    local-key-pair

    manual (Junos OS)

    manual (Junos-FIPS Software)

    maximum-certificates

    mode (IKE)

    mode (IPsec)

    options (Security)

    path-length

    perfect-forward-secrecy (Security)

    pki

    policy (Security IKE)

    policy (Security IPsec)

    pre-shared-key (Security)

    proposal (Security IKE)

    proposal (Security IPsec)

    proposals

    protocol (Junos OS)

    protocol (Junos-FIPS Software)

    re-enroll-trigger-time-percentage

    re-generate-keypair

    refresh-interval

    retry (Adaptive Services Interface)

    retry-interval

    revocation-check

    secret

    security-association (Junos OS)

    security-association (Junos-FIPS Software)

    spi (Junos OS)

    spi (Junos-FIPS Software)

    ssh-known-hosts

    start-time (Authentication Key Transmission)

    tolerance

    traceoptions

    url (Security)

    validity-period

    Security Services Configuration Statements

    Previous Page Next Page