New User
neozeric
Posts: 3
Registered: ‎11-01-2008

Encrypt Traffic

We have two offices connected with a DS3.  On each side of the DS3 is a Juniper J4350 router.  We would like to encrypt all traffic going over the DS3.  The only traffic that goes over the DS3 is internal.  There are four /24s on each side.  How do we go about configuring the routers to encrypt just this traffic?
Distinguished Expert
rkim
Posts: 755
Registered: ‎11-06-2007

Re: Encrypt Traffic

So it sounds like you want to set up an IPSec tunnel between the two sites. What version of JUNOS do you have? The reason I ask is IPSec configuration is quite different between packet-based JUNOS and JUNOS with enhanced services. If JUNOS with enhanced services, I would recommend a route-based VPN. You can find application notes for JUNOS with enhanced services at http://kb.juniper.net/KB10182.

-Richard

New User
neozeric
Posts: 3
Registered: ‎11-01-2008

Re: Encrypt Traffic

We are using JUNOS Software Release [8.2R1.7] (Export edition)

I don't think it is enhanced... how do I tell? If not, what are our options?

Super Contributor
GuyDavies
Posts: 93
Registered: ‎09-26-2008

Re: Encrypt Traffic

Hi neozeric,

If you are using the Export edition, it doesn't have any encryption functionality in it (due to the export restrictions). You need to apply for permission to download the 'domestic' version of JUNOS to have any encryption.

Can you put the output of "show version" in a response to confirm it's not ES? I'm pretty sure you're not running ES, though.

Rgds,

Guy

New User
neozeric
Posts: 3
Registered: ‎11-01-2008

Re: Encrypt Traffic

Model: j4350
JUNOS Software Release [8.2R1.7] (Export edition)

Without the enhanced, and after going non-export, will the guide you posted above work?

Super Contributor
GuyDavies
Posts: 93
Registered: ‎09-26-2008

Re: Encrypt Traffic

Hi,

That doesn't look like the full output of "show version" :-) but never mind.

As Richard said, the configuration of IPsec in JUNOS and in JUNOS-ES is quite different. Since the KB to which Richard provided a link is for JUNOS-ES, I doubt that you'll be able to use it with regular, packet-based JUNOS.

So, you have a couple of choices.

1) Upgrade to a domestic version of JUNOS, which requires that you complete an online form (accessible from the download pages when you try, and fail, to download the domestic version). Then you'll need to take a look at http://www.juniper.net/techpubs/software/junos/junos92/swconfig-services/encryption-interfaces-configuration-guidelines.html#id-10864997 for the latest version of JUNOS and how to configure an IPsec interface. Oh, and to upgrade to JUNOS 9.0 or above, you really require at least 1GB RAM in your J4350.

2) Upgrade to a domestic version of JUNOS-ES. The same restrictions apply wrt completing the form since it also contains encryption technologies, the export of which is controlled by the US government. Then use the KB to which Richard pointed to help you configure your box.

NOTE: Going to JUNOS-ES has some constraints. JUNOS-ES can run in flow mode or packet mode. When in flow mode, you get a lot of the benefits of a stateful firewall. However, you currently cannot run MPLS in flow mode so, if you require MPLS then stick for now with the regular JUNOS and use option 1.

Rgds,

Guy
