[an error occurred while processing this directive][an error occurred while processing this directive]

mode (IPsec)

Syntax

mode (transport | tunnel);

Hierarchy Level

[edit security ipsec security-association name]

Release Information

Statement introduced before JUNOS Release 7.4.

Description

Define the mode for the IPsec security association.

Default

tunnel

Options

transport—Protect traffic when the communication endpoint and cryptographic endpoint are the same. The data portion of the IP packet is encrypted, but the IP header is not. Virtual Private Network (VPN) gateways that provide encryption and decryption services for protected hosts cannot use transport mode for protected VPN communications.

tunnel—Protect traffic using preshared keys with IKE to authenticate peers or digital certificates with IKE to authenticate peers.

Note: Tunnel mode requires the ES Physical Interface Card (PIC).

The JUNOS Software supports only encapsulating security payload (ESP) when you use tunnel mode.

In transport mode, the JUNOS Software does not support authentication header (AH) and ESP header bundles.

In transport mode, the JUNOS Software supports only Border Gateway Protocol (BGP).

Required Privilege Level

system—To view this statement in the configuration.

system-control—To add this statement to the configuration.


Published: 2010-04-26

[an error occurred while processing this directive]