 |
Note: The JUNOS software does not perform a commit check when an SA name referenced in the Border Gateway Protocol (BGP) protocol section is not configured at the [edit security ipsec] hierarchy level. |
To use IPSec security services, you create an SA between hosts. An SA is a simplex connection that allows two hosts to communicate with each other securely by means of IPSec. You can configure two types of SAs:
|
Note: The JUNOS software does not perform a commit check when an SA name referenced in the Border Gateway Protocol (BGP) protocol section is not configured at the [edit security ipsec] hierarchy level. |
We recommend that you configure no more than 512 dynamic security associations per ES Physical Interface Card (PIC).
To configure an SA for IPSec for an ES PIC, include the security-association statement at the [edit security ipsec] hierarchy level:
- [edit security ipsec]
-
security-association sa-name;
This section describes the following topics related to configuring security associations:
|
Note: You configure a dynamic SA for the AS and MultiServices PICs at the [edit services ipsec-vpn rule rule-name term term-name then dynamic], [edit services ipsec-vpn ike], and [edit services ipsec-vpn ipsec] hierarchy levels. For more information, see the “IPSec” chapter of the JUNOS Feature Guide and the “IPSec Services Configuration Guidelines” chapter of the JUNOS Services Interfaces Configuration Guide. |
 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |