
What is an IPSec VPN and How Does it Work?



Article ID: KB4087 KB Last Updated: 04 Mar 2017 Version: 6.0


Note: This article applies to ScreenOS 5.0 and 4.0 and JUNOS Enhanced Services 8.5 and later.

A virtual private network (VPN) provides a means for securely communicating between remote computers across a public wide area network (WAN), such as the Internet.

A VPN connection can link two local area networks (LANs) or a remote dialup user and a LAN. The traffic that flows between these two points passes through shared resources such as routers, switches, and other network equipment that make up the public WAN. To secure VPN communication while passing through the WAN, the two participants create an IP Security (IPSec) tunnel.

An IPSec tunnel consists of a pair of unidirectional Security Associations (SA), one at each end of the tunnel, that specify the security parameter index (SPI), destination IP address, and security protocol (Authentication Header or Encapsulating Security Payload) employed.
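The three values that identify an SA can be read straight from a received packet. The following is an added example, not code from Juniper or from this article; the function names, addresses, and SPI values are constructed for illustration. It extracts the SPI, destination IP address, and security protocol from IPv4 packets carrying ESP or AH, and shows that each direction of a tunnel resolves to a different SA.

```python
import ipaddress
import struct

# IANA IP protocol numbers for the two IPSec security protocols.
IPSEC_PROTOCOLS = {50: "ESP", 51: "AH"}

def sa_selector(packet: bytes):
    """Return (spi, destination IP, protocol) for an IPv4 IPSec packet, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4         # IPv4 header length in bytes
    proto = IPSEC_PROTOCOLS.get(packet[9])
    if proto is None or ihl < 20:
        return None                      # not ESP/AH, or malformed header length
    # ESP carries the SPI in its first 4 bytes; AH carries it after the
    # next-header (1), payload-length (1) and reserved (2) bytes.
    spi_offset = ihl + (0 if proto == "ESP" else 4)
    if len(packet) < spi_offset + 4:
        return None                      # IPSec header cut short
    (spi,) = struct.unpack_from("!I", packet, spi_offset)
    dst = str(ipaddress.IPv4Address(packet[16:20]))
    return spi, dst, proto

def build_ipv4(src, dst, proto_num, payload):
    """Build a minimal IPv4 packet (checksum left at 0) for the sample data."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                         proto_num, 0, ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + payload

# Constructed sample traffic between two hypothetical gateways (documentation
# address ranges); SPIs and payload bytes are made up, nothing is encrypted.
A, B = "192.0.2.1", "198.51.100.1"
ESP_A_TO_B = build_ipv4(A, B, 50, struct.pack("!II", 0x1001, 1) + bytes(16))
ESP_B_TO_A = build_ipv4(B, A, 50, struct.pack("!II", 0x2002, 1) + bytes(16))
AH_A_TO_B = build_ipv4(A, B, 51, struct.pack("!BBHII", 6, 4, 0, 0x3003, 1) + bytes(12))

if __name__ == "__main__":
    for pkt in (ESP_A_TO_B, ESP_B_TO_A, AH_A_TO_B):
        print(sa_selector(pkt))
```
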

Through the SA, an IPSec tunnel can provide the following security functions:

  • Privacy (via encryption)
  • Content integrity (via data authentication)
  • Sender authentication and, if using certificates, nonrepudiation (via data origin authentication)

The security functions you employ depend on your needs. If you only need to authenticate the IP packet source and content integrity, you can authenticate the packet without applying any encryption. On the other hand, if you are only concerned with preserving privacy, you can encrypt the packet without applying any authentication mechanisms. Optionally, you can both encrypt and authenticate the packet. Most network security designers choose to encrypt, authenticate, and replay-protect their VPN traffic.

Juniper NetScreen, SSG, ISG and J-Series products support IPSec technology for creating VPN tunnels with two kinds of key creation mechanisms:

  • Manual Key
  • AutoKey Internet Key Exchange (IKE) with a pre-shared key or a certificate
