For a manual key IPsec tunnel, because all of the SA parameters have been previously defined, there is no need to negotiate which SAs to use. In essence, the tunnel has already been established. When traffic matches a policy using that manual key tunnel or when a route involves the tunnel, the Juniper Networks device simply encrypts and authenticates the data as you specified and forwards it to the destination gateway.
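The manual-key behaviour described above, as an added example that is not from the Juniper documentation: a Python model of one statically keyed SA with ESP-style framing (SPI, sequence number, payload, truncated HMAC-SHA-256 ICV), showing that the receiver accepts traffic only when its pre-entered SPI and key match the sender's. Encryption, padding and the ESP trailer are omitted, and the SPI, key and function names are constructed for illustration.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass

ICV_LEN = 16  # HMAC-SHA-256 output truncated to 128 bits


@dataclass
class ManualSA:
    """One manually keyed SA: every parameter is fixed by the administrator."""
    spi: int
    auth_key: bytes
    seq: int = 0


def protect(sa: ManualSA, payload: bytes) -> bytes:
    """Sender: no negotiation, just frame and authenticate with the static key."""
    sa.seq += 1
    header = struct.pack("!II", sa.spi, sa.seq)
    icv = hmac.new(sa.auth_key, header + payload, hashlib.sha256).digest()[:ICV_LEN]
    return header + payload + icv


def receive(sad: dict, packet: bytes):
    """Receiver: find the SA by SPI, verify the ICV.
    Returns (payload, None) on success or (None, reason) when dropped."""
    if len(packet) < 8 + ICV_LEN:
        return None, "truncated"
    spi, _seq = struct.unpack("!II", packet[:8])
    sa = sad.get(spi)
    if sa is None:
        return None, "unknown SPI"
    body, icv = packet[:-ICV_LEN], packet[-ICV_LEN:]
    expected = hmac.new(sa.auth_key, body, hashlib.sha256).digest()[:ICV_LEN]
    if not hmac.compare_digest(icv, expected):
        return None, "bad ICV"
    return body[8:], None


# Constructed sample values: the same SPI and key typed in on both gateways.
KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)
peer_sad = {0x100: ManualSA(spi=0x100, auth_key=KEY)}
# A peer whose administrator entered a different key for the same SPI.
bad_sad = {0x100: ManualSA(spi=0x100, auth_key=b"\x00" * 32)}

if __name__ == "__main__":
    pkt = protect(ManualSA(spi=0x100, auth_key=KEY), b"hello")
    for name, sad in (("match", peer_sad), ("wrong key", bad_sad), ("no SA", {})):
        print(name, receive(sad, pkt))
```

Because nothing is negotiated, a mistyped key or SPI on either gateway shows up only as dropped packets on the receiver.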
On SRX Series Services Gateways, IKE provides tunnel management for IPsec. IKE performs a Diffie-Hellman key exchange to generate an IPsec tunnel between network devices. The IPsec tunnels generated by IKE are used to encrypt, decrypt, and authenticate user traffic between the network devices at the IP layer.
| Before You Begin |
|---|
| For background information, read |
To establish an AutoKey IKE IPsec tunnel, two phases of negotiation are required:
This topic covers: