Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Securing L2TP and IP Tunnels with IPsec Overview

    You can provide additional security to L2TP and IP tunnels by protecting them with an IPsec transport connection. Secure IP interfaces are virtual IP interfaces that are configured to provide confidentiality and authentication services for the traffic flowing through the interface; that traffic can be L2TP, GRE, and DVMRP tunnel traffic. For detailed information about IPsec, see Unresolved xref.

    The GRE, DVMRP, and L2TP over IPsec provide security only between tunnel endpoints; they do not provide end-to-end security. For end-to-end security, you need additional security for the connection beyond the router.

    This section describes the following:

    Tunnel Creation

    The ERX routers can have both unsecured GRE, DVMRP, and L2TP tunnels and tunnels that are secured by IPsec. However, unsecured L2TP tunnels are not allowed on the IPsec Service module (ISM). You can use the following commands to create a secure tunnel:

    IPsec Secured-Tunnel Maximums

    For information about the maximum number of GRE/IPsec, DVMRP/IPsec, and L2TP/IPsec connections supported on E Series routers, see the JunosE Release Notes, Appendix A, System Maximums corresponding to your software release.

    Published: 2014-08-12