Junos

Encrypt Traffic

‎11-01-2008 04:17 AM
We have two offices connected with a DS3.  On each side of the DS3 is a Juniper J4350 router.  We would like to encrypt all traffic going over the DS3.  The only traffic that goes over the DS3 is internal.  There are four /24s on each side.  How do we go about configuring the routers to encrypt just this traffic?
5 REPLIES
Re: Encrypt Traffic
‎11-01-2008 08:32 PM

So it sounds like you want to set up an IPSec tunnel between the two sites. What version of JUNOS do you have? The reason I ask is IPSec configuration is quite different between packet-based JUNOS and JUNOS with enhanced services. If JUNOS with enhanced services, I would recommend a route-based VPN. You can find application notes for JUNOS with enhanced services at http://kb.juniper.net/KB10182.

-Richard

Re: Encrypt Traffic
‎11-02-2008 03:25 AM

We are using JUNOS Software Release [8.2R1.7] (Export edition)

I don't think it is enhanced... how do I tell? If not, what are our options?

Re: Encrypt Traffic
‎11-02-2008 11:43 AM

Hi neozeric,

If you are using the Export edition, it doesn't have any encryption functionality in it (due to the export restrictions). You need to apply for permission to download the 'domestic' version of JUNOS to have any encryption.

Can you put the output of "show version" in a response to confirm it's not ES? I'm pretty sure you're not running ES, though.

Rgds,

Guy

Re: Encrypt Traffic
‎11-02-2008 01:57 PM

Model: j4350
JUNOS Software Release [8.2R1.7] (Export edition)

Without the enhanced, and after going non-export, will the guide you posted above work?

Re: Encrypt Traffic
‎11-03-2008 12:01 AM

Hi,

That doesn't look like the full output of "show version" :-) but never mind.

As Richard said, the configuration of IPsec in JUNOS and in JUNOS-ES is quite different. Since the KB to which Richard provided a link is for JUNOS-ES, I doubt that you'll be able to use it with regular, packet-based JUNOS.

So, you have a couple of choices.

1) Upgrade to a domestic version of JUNOS, which requires that you complete an online form (accessible from the download pages when you try, and fail, to download the domestic version). Then you'll need to take a look at http://www.juniper.net/techpubs/software/junos/junos92/swconfig-services/encryption-interfaces-configuration-guidelines.html#id-10864997 for the latest version of JUNOS and how to configure an IPsec interface. Oh, and to upgrade to JUNOS 9.0 or above, you really require at least 1GB RAM in your J4350.

2) Upgrade to a domestic version of JUNOS-ES. The same restrictions apply wrt completing the form since it also contains encryption technologies, the export of which is controlled by the US government. Then use the KB to which Richard pointed to help you configure your box.

NOTE: Going to JUNOS-ES has some constraints. JUNOS-ES can run in flow mode or packet mode. When in flow mode, you get a lot of the benefits of a stateful firewall. However, you currently cannot run MPLS in flow mode so, if you require MPLS, then stick for now with the regular JUNOS and use option 1.

Rgds,

Guy