
Transform Sets

Transform sets are composed of security parameters that provide a required security level to a particular data flow. Transform sets are used during user SA negotiation to find common agreement between the local and the remote security gateway on how to protect that specific data flow.

A transform set includes encapsulation protocols and transforms, for example, encryption, decryption, and authentication algorithms. These parameters are grouped to specify the acceptable protection for a given data flow. Many transform sets are supported, since different traffic requires distinct security levels.

A secure IP tunnel is associated with one transform set. Multiple secure IP tunnels can refer to the same transform set.

Changing existing transform sets affects only future user SA negotiations. User SAs that are already established remain valid and do not use the changed transform set until they are renegotiated.

For manually configured secure IP tunnels, the associated transform set must contain a single transform option.
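The following Python model is an added example, not code from this documentation or from the router software. It illustrates the rules above: several tunnels sharing one transform set, the single-option requirement for manual tunnels, and an established SA surviving a change to its set. The class and function names, the algorithm labels, and the "first local option the peer also accepts" selection policy are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Transform:                      # one transform option
    protocol: str                     # encapsulation protocol
    encryption: str
    authentication: str

@dataclass
class TransformSet:
    name: str
    options: List[Transform]          # assumed to be in local preference order

@dataclass
class Tunnel:
    name: str
    transform_set: TransformSet
    manual: bool = False
    active_sa: Optional[Transform] = None   # transform fixed when the SA was set up

def validate(tunnel: Tunnel) -> None:
    """A manual tunnel has no negotiation step, so its set must hold one option."""
    count = len(tunnel.transform_set.options)
    if count == 0 or (tunnel.manual and count != 1):
        raise ValueError(f"{tunnel.name}: {count} transform options not allowed")

def negotiate(tunnel: Tunnel, peer_offer: List[Transform]) -> Transform:
    """Install the first local option that the peer also accepts."""
    validate(tunnel)
    for option in tunnel.transform_set.options:
        if option in peer_offer:
            tunnel.active_sa = option
            return option
    raise LookupError(f"{tunnel.name}: no transform in common with peer")

def demo():
    # Constructed sample values, not taken from the page.
    strong = Transform("esp", "aes-256", "hmac-sha256")
    legacy = Transform("esp", "3des", "hmac-sha1")
    shared = TransformSet("branch", [strong, legacy])
    t1, t2 = Tunnel("t1", shared), Tunnel("t2", shared)  # two tunnels, one set
    negotiate(t1, [legacy])              # peer only supports the legacy option
    shared.options.remove(legacy)        # administrator tightens the set
    still_legacy = t1.active_sa == legacy   # established SA is unchanged
    try:
        negotiate(t2, [legacy])          # new negotiation uses the edited set
        t2_result = "established"
    except LookupError:
        t2_result = "rejected"
    return still_legacy, t2_result

if __name__ == "__main__":
    print(demo())
```

In the model, removing a weak option from a transform set does not retire SAs that were already negotiated with it; they keep the old transform until they are renegotiated.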

