Technical Documentation

Option: Using an ES PIC to Send Traffic to a Packet Analyzer

You can send some or all of the traffic securely to the packet analyzer using IPSec and an ES PIC. In this case, the TCP traffic is encrypted, sent over an IPSec tunnel, and received by the packet analyzer. For more information on configuring IPSec on the ES PIC, see the IPSec Feature Guide or the JUNOS System Basics Configuration Guide.

[edit]
interfaces {
    es-3/1/0 {
        unit 0 {
            tunnel {
                source 10.8.8.1;
                destination 10.8.8.2;
            }
            family inet {
                ipsec-sa sa-esp;
                address 3.3.3.1/32 {
                    destination 3.3.3.2;
                }
            }
        }
    }
    fe-3/2/1 {
        unit 0 {
            family inet {
                address 10.8.8.1/30;
            }
        }
    }
}
security {
    ipsec {
        proposal esp-sha1-3des {
            protocol esp;
            authentication-algorithm hmac-sha1-96;
            encryption-algorithm 3des-cbc;
            lifetime-seconds 180;
        }
        policy esp-group2 {
            perfect-forward-secrecy {
                keys group2;
            }
            proposals esp-sha1-3des;
        }
        security-association sa-esp {
            mode tunnel;
            dynamic {
                ipsec-policy esp-group2;
            }
        }
    }
    ike {
        proposal ike-esp {
            authentication-method pre-shared-keys;
            dh-group group2;
            authentication-algorithm sha1;
            encryption-algorithm 3des-cbc;
            lifetime-seconds 180;
        }
        policy 10.8.8.2 {
            mode aggressive;
            proposals ike-esp;
            pre-shared-key ascii-text "$9$qmQnuORrlMBIds2oiH0BIESe";
        }
    }
}
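When reviewing a configuration like the one above, it helps to list the IKE and IPSec parameters that a current crypto policy would question. The following Python sketch is an added example, not Juniper code: it parses the brace-delimited statements and reports them against an assumed policy table. The `LEGACY` table, the function names and the placeholder key are assumptions made for illustration.

```python
import re

# Constructed sample: security stanza from above, pre-shared key replaced by a placeholder.
SAMPLE = '''
security { ipsec {
  proposal esp-sha1-3des { protocol esp; authentication-algorithm hmac-sha1-96;
    encryption-algorithm 3des-cbc; lifetime-seconds 180; }
  policy esp-group2 { perfect-forward-secrecy { keys group2; } proposals esp-sha1-3des; }
  security-association sa-esp { mode tunnel; dynamic { ipsec-policy esp-group2; } } }
 ike {
  proposal ike-esp { authentication-method pre-shared-keys; dh-group group2;
    authentication-algorithm sha1; encryption-algorithm 3des-cbc; lifetime-seconds 180; }
  policy 10.8.8.2 { mode aggressive; proposals ike-esp;
    pre-shared-key ascii-text "PLACEHOLDER"; } } }
'''

# Assumed review policy (not from the page): values widely treated as legacy.
LEGACY = {
    "encryption-algorithm": {"des-cbc", "3des-cbc"},
    "authentication-algorithm": {"md5", "sha1", "hmac-md5-96", "hmac-sha1-96"},
    "dh-group": {"group1", "group2", "group5"},
    "keys": {"group1", "group2", "group5"},  # perfect-forward-secrecy keys
}

def statements(text):
    """Yield (path, words) for each ';'-terminated statement; layout is ignored."""
    path, words = [], []
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};"]+', text):
        if tok == "{":
            path.append(" ".join(words))
            words = []
        elif tok == "}":
            path.pop()
        elif tok == ";":
            yield tuple(path), words
            words = []
        else:
            words.append(tok)

def review(text):
    """Return findings as 'hierarchy path: statement (reason)' strings, in config order."""
    findings = []
    for path, words in statements(text):
        where = " > ".join(path)
        if len(words) == 2 and words[1] in LEGACY.get(words[0], ()):
            findings.append(f"{where}: {' '.join(words)} (legacy algorithm or group)")
        if words == ["mode", "aggressive"] and "ike" in path:
            findings.append(f"{where}: mode aggressive (with pre-shared keys, prefer main mode)")
    return findings
```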

Published: 2010-04-15