[Contents] [Prev] [Next] [Index] [Report an Error]

mode

See the following sections:

mode (IKE)

Syntax

mode (aggressive | main);

Hierarchy Level

[edit security ike policy ike-peer-address]

Release Information

Statement introduced before JUNOS Release 7.4.

Description

Define the IKE policy mode.

Default

main

Options

aggressive—Takes half the number of messages of main mode, has less negotiation power, and does not provide identity protection.

main—Uses six messages, in three peer-to-peer exchanges, to establish the IKE SA. These three steps include the IKE SA negotiation, a Diffie-Hellman exchange, and authentication of the peer. Also provides identity protection.

Usage Guidelines

See Configuring the Mode for an IKE Policy

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

mode (IPSec)

Syntax

mode (transport | tunnel);

Hierarchy Level

[edit security ipsec security-association name]

Release Information

Statement introduced before JUNOS Release 7.4.

Description

Define the mode for the IPSec security association.

Default

tunnel

Options

transport— Protects traffic when the communication endpoint and cryptographic endpoint are the same. The data portion of the IP packet is encrypted, but the IP header is not. Virtual Private Network (VPN) gateways that provide encryption and decryption services for protected hosts cannot use transport mode for protected VPN communications.

tunnel—Protects traffic using preshared keys with IKE to authenticate peers or digital certificates with IKE to authenticate peers.

Note: Tunnel mode requires the ES Physical Interface Card (PIC).

The JUNOS software supports only encapsulating security payload (ESP) when you use tunnel mode.

In transport mode, the JUNOS software does not support authentication header (AH) and ESP header bundles.

In transport mode, the JUNOS software supports only Border Gateway Protocol (BGP).

Usage Guidelines

See Configuring IPSec Mode.

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.

[Contents] [Prev] [Next] [Index] [Report an Error]

Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice.