Technical Documentation

Option: Using an ES PIC to Send Traffic to a Packet Analyzer

You can send some or all of the traffic securely to the packet analyzer using IPSec and an ES PIC. In this case, the TCP traffic is encrypted, sent over an IPSec tunnel, and received by the packet analyzer. For more information on configuring IPSec on the ES PIC, see the IPSec Feature Guide or the JUNOS System Basics Configuration Guide.

    [edit]
    interfaces {
        es-3/1/0 {
            unit 0 {
                tunnel {
                    source;
                    destination;
                }
                family inet {
                    ipsec-sa sa-esp;
                    address {
                        destination;
                    }
                }
            }
        }
        fe-3/2/1 {
            unit 0 {
                family inet {
                    address;
                }
            }
        }
    }
    security {
        ipsec {
            proposal esp-sha1-3des {
                protocol esp;
                authentication-algorithm hmac-sha1-96;
                encryption-algorithm 3des-cbc;
                lifetime-seconds 180;
            }
            policy esp-group2 {
                perfect-forward-secrecy {
                    keys group2;
                }
                proposals esp-sha1-3des;
            }
            security-association sa-esp {
                mode tunnel;
                dynamic {
                    ipsec-policy esp-group2;
                }
            }
        }
        ike {
            proposal ike-esp {
                authentication-method pre-shared-keys;
                dh-group group2;
                authentication-algorithm sha1;
                encryption-algorithm 3des-cbc;
                lifetime-seconds 180;
            }
            policy {
                mode aggressive;
                proposals ike-esp;
                pre-shared-key ascii-text "$9$qmQnuORrlMBIds2oiH0BIESe";
            }
        }
    }
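The IKE and IPSec parameters in this configuration can be checked against a local crypto baseline before the tunnel is deployed. The following is an added example, not part of the original Juniper documentation: a small Python audit that parses the brace-delimited hierarchy and reports settings a baseline would flag. The function names, the rule set, and the placeholder key are assumptions of this example.

```python
import re

# Security stanza from the page in its flattened form; the key is a placeholder.
CONFIG = ('security {ipsec {proposal esp-sha1-3des {protocol esp;'
          'authentication-algorithm hmac-sha1-96;encryption-algorithm 3des-cbc;'
          'lifetime-seconds 180;}policy esp-group2 {perfect-forward-secrecy {'
          'keys group2;}proposals esp-sha1-3des;}security-association sa-esp {'
          'mode tunnel;dynamic {ipsec-policy esp-group2;}}}ike {proposal ike-esp {'
          'authentication-method pre-shared-keys;dh-group group2;'
          'authentication-algorithm sha1;encryption-algorithm 3des-cbc;'
          'lifetime-seconds 180;}policy {mode aggressive;proposals ike-esp;'
          'pre-shared-key ascii-text "$9$PLACEHOLDER";}}}')

TOKEN = re.compile(r'"[^"]*"|[{};]|[^\s{};"]+')

def statements(text):
    """Yield (path, words) for each ';'-terminated statement, at any nesting depth."""
    path, words = [], []
    for tok in TOKEN.findall(text):
        if tok == "{":            # words so far name the block being opened
            path.append(" ".join(words))
            words = []
        elif tok == "}":
            path.pop()
            words = []
        elif tok == ";":
            if words:
                yield tuple(path), words
            words = []
        else:
            words.append(tok)

# Rule set is this example's assumption (a local baseline, not a vendor list).
WEAK_CIPHERS = {"des-cbc", "3des-cbc"}   # 64-bit block ciphers
WEAK_DH = {"group1", "group2"}           # 768-bit and 1024-bit MODP groups

def audit(text):
    """Return (location, statement, reason) for each setting the rules flag."""
    findings = []
    for path, w in statements(text):
        where, stmt = " > ".join(path), " ".join(w)
        if w[0] == "encryption-algorithm" and w[-1] in WEAK_CIPHERS:
            findings.append((where, stmt, "64-bit block cipher"))
        elif w[0] in ("dh-group", "keys") and w[-1] in WEAK_DH:
            findings.append((where, stmt, "DH group of 1024 bits or less"))
        elif w == ["mode", "aggressive"] and "ike" in path:
            findings.append((where, stmt, "IKEv1 aggressive mode"))
        elif w[:2] == ["pre-shared-key", "ascii-text"]:
            findings.append((where, "pre-shared-key ascii-text <redacted>", "key material in config text"))
    return findings
```

Calling `audit(CONFIG)` returns one tuple per flagged statement, with the key value redacted so that the report can be shared without exposing it.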

Published: 2010-04-15