You can apply IPsec to BGP traffic. IPsec is a protocol suite used for protecting IP traffic at the packet level. IPsec is based on security associations (SAs). A security association is a simplex connection that provides security services to the packets carried by the SA. After configuring the security association, you can apply the SA to BGP peers.
To apply a security association, include the ipsec-sa statement:
ipsec-sa ipsec-sa;
For a list of hierarchy levels at which you can configure this statement, see the statement summary section for this statement. The security association is identified by the SA name.
Note: Tunnel mode requires the ES PIC. In transport mode, the JUNOS software does not support authentication header (AH) or encapsulating security payload (ESP) header bundles. The JUNOS software supports only BGP in transport mode.
A more specific security association overrides a more general SA. For example, if an SA is applied to a specific peer, that SA overrides the SA applied to the whole peer group.
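The following configuration is an added illustration, not taken from the JUNOS documentation. It defines two manual transport-mode SAs and applies one to a peer group and the other to a single peer, so that the peer-level SA takes precedence for that peer. The SA names, group name, AS number, addresses, SPI values, and key placeholders are all constructed for the example.

```junos
security {
    ipsec {
        /* SA applied to the whole peer group (constructed name) */
        security-association sa-bgp-group {
            mode transport;            /* tunnel mode would require the ES PIC */
            manual {
                direction bidirectional {
                    protocol ah;       /* AH or ESP alone; bundles are not supported */
                    spi 1001;          /* must match the value on the remote peer */
                    authentication {
                        algorithm hmac-sha1-96;
                        key ascii-text "<20-character-key-A>";   /* placeholder */
                    }
                }
            }
        }
        /* SA applied to one peer only (constructed name) */
        security-association sa-bgp-peer2 {
            mode transport;
            manual {
                direction bidirectional {
                    protocol ah;
                    spi 1002;
                    authentication {
                        algorithm hmac-sha1-96;
                        key ascii-text "<20-character-key-B>";   /* placeholder */
                    }
                }
            }
        }
    }
}
protocols {
    bgp {
        group ext-peers {
            type external;
            peer-as 64512;
            ipsec-sa sa-bgp-group;         /* group-level SA: used for 192.0.2.1 */
            neighbor 192.0.2.1;
            neighbor 192.0.2.2 {
                ipsec-sa sa-bgp-peer2;     /* peer-level SA overrides the group SA */
            }
        }
    }
}
```

With manual SAs, the remote router must be configured with the same protocol, SPI, algorithm, and key, or the BGP session to that peer will not establish.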
For more detailed information about configuring IPsec security associations, see the JUNOS System Basics Configuration Guide.