

Once the VA and IKE connection are established, which packets are secured?


Article ID: KB7019 KB Last Updated: 30 Aug 2010 Version: 3.0
Summary:
Once the VA and IKE connection are established, which packets are secured?
Symptoms:
NetScreen Remote Virtual Adapter
Solution:

To determine which packets are secured, think of the result as the intersection of two things: the traffic that the client's routing table sends to the VA, and the IPSec policy in the client. If the routing table directs packets to the VA and the IPSec policy in the client defines that packets for a given subnet are to be secured, then those packets are tunneled using IPSec to the gateway.

If the routing table sends packets to the VA but the IPSec policy is not configured to secure those packets, they are discarded. This is a method of prohibiting "split tunneling". For example, by using the "use default gateway" option on the VA, (almost) all outbound packets can be directed to the VA. But if the IPSec policy is configured to secure only a subset (typically a subnet) of this address space, packets whose destination addresses fall outside that subset are swallowed up by the VA and do not exit the machine.
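The decision described above can be modelled as a small classifier. This is an added example, not code from the article or from NetScreen-Remote; the routing entries, interface names, subnets and the `classify` helper are constructed assumptions used only to illustrate the routing-table and IPSec-policy intersection.

```python
import ipaddress

# Constructed sample data (assumptions, not taken from the article).
# Client routing table as (destination prefix, outgoing interface).
ROUTES = [
    ("0.0.0.0/0", "VA"),         # "use default gateway" option on the VA
    ("192.168.1.0/24", "LAN"),   # directly connected local subnet
    ("203.0.113.10/32", "LAN"),  # host route towards the VPN gateway
]
# Client IPSec policy: remote subnets whose traffic must be secured.
SECURED = ["10.1.0.0/16"]


def egress_interface(dst, routes):
    """Longest-prefix match over the routing table; None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, iface in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def in_policy(dst, secured):
    """True if the destination falls in a subnet the IPSec policy secures."""
    addr = ipaddress.ip_address(dst)
    return any(addr in ipaddress.ip_network(s) for s in secured)


def classify(dst, routes=ROUTES, secured=SECURED):
    """Return what happens to a packet sent to dst."""
    iface = egress_interface(dst, routes)
    if iface is None:
        return "no-route"
    if iface != "VA":
        # Never handed to the VA; the article does not describe this path.
        return "not-via-VA"
    # Routed to the VA: tunneled only if the IPSec policy also covers it.
    return "tunneled" if in_policy(dst, secured) else "discarded"


if __name__ == "__main__":
    for dst in ("10.1.2.3", "198.51.100.7", "192.168.1.5", "203.0.113.10"):
        print(f"{dst:15} -> {classify(dst)}")
```

With the default route pointing at the VA and a policy covering only 10.1.0.0/16, any other destination reached through the default route comes out as `discarded`, which is the split-tunneling prohibition the article describes.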

Here is the problem or goal:

  • Once the VA and IKE connection are established, which packets are secured?

Problem Environment:

  • NetScreen Remote
  • Virtual Adapter

Applicable Products:

  • NetScreen-Remote

