A virtual private network (VPN) provides a means for securely communicating among remote computers across a public wide area network (WAN), such as the Internet.
A VPN connection can link two local area networks (LANs) or a remote dial-up user and a LAN. The traffic that flows between these two points passes through shared resources such as routers, switches, and other network equipment that make up the public WAN. To secure VPN communication while passing through the WAN, the two participants create an IP Security (IPsec) tunnel.
Note: The term tunnel does not denote either Transport or Tunnel mode (see Understanding IPsec Operational Modes). It refers to the IPsec connection.
An IPsec tunnel consists of a pair of unidirectional security associations (SAs)—one at each end of the tunnel—that specify the security parameter index (SPI), destination IP address, and security protocol (Authentication Header or Encapsulating Security Payload) employed.
Through the SA, an IPsec tunnel can provide the following security functions:
The security functions you employ depend on your needs. If you only need to authenticate the IP packet source and content integrity, you can authenticate the packet without applying any encryption. On the other hand, if you are only concerned with preserving privacy, you can encrypt the packet without applying any authentication mechanisms. Optionally, you can both encrypt and authenticate the packet. Most network security designers choose to encrypt, authenticate, and replay-protect their VPN traffic.
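As an added example, not taken from the JUNOS documentation, the following Python sketch models the SA identified by the (SPI, destination address, protocol) triple described above and the anti-replay check that "replay-protect" refers to, using the sliding-window scheme from RFC 4303. The class and function names and the packet sequence are constructed for illustration and assume that packet authentication has already succeeded.

```python
from dataclasses import dataclass


@dataclass
class SecurityAssociation:
    """One unidirectional SA: the triple that identifies it plus replay state."""
    spi: int
    dst: str
    protocol: str            # "AH" or "ESP"
    window_size: int = 64    # RFC 4303 minimum anti-replay window is 32; 64 is common
    highest_seq: int = 0     # highest sequence number accepted so far
    window: int = 0          # bitmap; bit k means (highest_seq - k) was received

    def check_replay(self, seq: int) -> bool:
        """Sliding-window anti-replay check. Returns True if the packet is accepted.
        Assumes the ICV has already been verified; a real implementation must
        only advance the window after successful authentication."""
        if seq == 0:
            return False                       # sequence number 0 is never valid
        mask = (1 << self.window_size) - 1
        if seq > self.highest_seq:             # new high-water mark: slide the window
            shift = seq - self.highest_seq
            self.window = (self.window << shift) & mask if shift < self.window_size else 0
            self.window |= 1
            self.highest_seq = seq
            return True
        diff = self.highest_seq - seq
        if diff >= self.window_size:           # older than the window: drop
            return False
        if self.window & (1 << diff):          # already seen: replay, drop
            return False
        self.window |= 1 << diff               # late but new: accept and record
        return True


class SADatabase:
    """Lookup of inbound SAs keyed by (SPI, destination IP, security protocol)."""
    def __init__(self) -> None:
        self._sas: dict[tuple[int, str, str], SecurityAssociation] = {}

    def add(self, sa: SecurityAssociation) -> None:
        self._sas[(sa.spi, sa.dst, sa.protocol)] = sa

    def lookup(self, spi: int, dst: str, protocol: str):
        return self._sas.get((spi, dst, protocol))


def process_packet(sadb: SADatabase, spi: int, dst: str, protocol: str, seq: int) -> str:
    """Return 'no-sa', 'accept' or 'drop' for an inbound packet header."""
    sa = sadb.lookup(spi, dst, protocol)
    if sa is None:
        return "no-sa"
    return "accept" if sa.check_replay(seq) else "drop"


def run_demo() -> list[str]:
    # Constructed sample: one ESP SA and a sequence of inbound sequence numbers.
    sadb = SADatabase()
    sadb.add(SecurityAssociation(spi=0x1001, dst="203.0.113.10", protocol="ESP"))
    seqs = [1, 1, 5, 3, 3, 2, 0, 70, 5]
    verdicts = [process_packet(sadb, 0x1001, "203.0.113.10", "ESP", s) for s in seqs]
    verdicts.append(process_packet(sadb, 0x2002, "203.0.113.10", "ESP", 1))
    return verdicts
```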
JUNOS software supports IPsec technology for creating VPN tunnels with three kinds of key creation mechanisms: