
Configuring Transport Mode

In transport mode, the data portion of the IP packet is encrypted, but the IP header is not. Transport mode can be used only when the communication endpoint and cryptographic endpoint are the same. Virtual private network (VPN) gateways that provide encryption and decryption services for protected hosts cannot use transport mode for protected VPN communications. You configure manual SAs, and you must configure static values on both ends of the SA.

Note: When you use transport mode, the JUNOS software supports both BGP and OSPFv3 for manual SAs.

To configure IPSec security for transport mode, include the mode statement with the transport option at the [edit security ipsec security-association sa-name] hierarchy level:

[edit security ipsec security-association sa-name]
mode transport;

To apply tunnel mode, you configure manual SAs in transport mode and then reference the SA by name at the [edit protocols bgp] hierarchy level to protect a session with a given peer. For more information about how to reference the configured SA, see the JUNOS Routing Protocols Configuration Guide.

Note: You can configure BGP to establish a peer relationship over encrypted tunnels.
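
The two steps above combined into one configuration, added here as an illustration and not taken from the JUNOS documentation: a manual SA in transport mode, then a BGP neighbor that references it by name. The SA name, SPI, algorithms, group name, AS number and neighbor address are assumed values, and the keys are placeholders.

```junos
security {
    ipsec {
        /* SA name is an assumed example value */
        security-association sa-bgp-peer {
            mode transport;
            manual {
                /* one set of static values used for both inbound and outbound traffic */
                direction bidirectional {
                    protocol esp;
                    /* SPI is a constructed value; the peer must use the same one */
                    spi 1000;
                    authentication {
                        algorithm hmac-sha1-96;
                        key ascii-text "AUTH-KEY-PLACEHOLDER";
                    }
                    encryption {
                        algorithm 3des-cbc;
                        key ascii-text "ENCRYPTION-KEY-PLACEHOLDER";
                    }
                }
            }
        }
    }
}
protocols {
    bgp {
        /* group name, AS number and neighbor address are assumed example values */
        group ipsec-peers {
            type external;
            peer-as 65002;
            neighbor 192.0.2.2 {
                /* reference the manual SA by name to protect this session */
                ipsec-sa sa-bgp-peer;
            }
        }
    }
}
```

Because the SA is manual, the peer router needs the same protocol, SPI, algorithms and keys; a mismatch in any static value prevents the protected session from coming up.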

