TechLibrary

Navigation

Supported Platforms

Supported IPsec and IKE Standards

On routers equipped with one or more Adaptive Services PICs (both standalone and integrated versions) or Multiservices PICs or DPCs, the Canada and U.S. version of Junos OS substantially supports the following RFCs, which define standards for IP Security (IPsec) and Internet Key Exchange (IKE).

RFC 2085, HMAC-MD5 IP Authentication with Replay Prevention
RFC 2401, Security Architecture for the Internet Protocol
RFC 2402, IP Authentication Header
This RFC is not supported on the ES PIC.
RFC 2403, The Use of HMAC-MD5-96 within ESP and AH
RFC 2404, The Use of HMAC-SHA-1-96 within ESP and AH
RFC 2405, The ESP DES-CBC Cipher Algorithm With Explicit IV
RFC 2406, IP Encapsulating Security Payload (ESP)
RFC 2407, The Internet IP Security Domain of Interpretation for ISAKMP
RFC 2408, Internet Security Association and Key Management Protocol (ISAKMP)
RFC 2409, The Internet Key Exchange (IKE)
RFC 2410, The NULL Encryption Algorithm and Its Use With IPsec
RFC 3602, The AES-CBC Cipher Algorithm and Its Use with IPsec
RFC 3948, UDP Encapsulation of IPsec ESP Packets
RFC 4301, Security Architecture for the Internet Protocol
RFC 4302, IP Authentication Header
This RFC is not supported on the ES PIC.
RFC 4303, IP Encapsulating Security Payload (ESP)

The following RFCs and Internet draft do not define standards, but provide information about IPsec, IKE, and related technologies. The IETF classifies them as “Informational.”

RFC 2104, HMAC: Keyed-Hashing for Message Authentication
RFC 2412, The OAKLEY Key Determination Protocol
RFC 3706, A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers
Internet draft draft-eastlake-sha2-02.txt, US Secure Hash Algorithms (SHA and HMAC-SHA) (expires July 2006)

TechLibrary

Supported Platforms

Related Documentation

Supported IPsec and IKE Standards

Related Documentation

Published: 2013-02-26

Supported Platforms

Related Documentation

Published: 2013-02-26