[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

Understanding IPsec Security Associations (SAs)

A security association (SA) is a unidirectional agreement between the VPN participants regarding the methods and parameters to use in securing a communication channel. Full bidirectional communication requires at least two SAs, one for each direction.

Before You Begin
For background information, read Understanding IPsec Operational Modes. Understanding IPsec Security Protocols.

Before You Begin

For background information, read

An SA groups together the following components for securing communications:

Security algorithms and keys
Protocol mode, either Transport or Tunnel (see Understanding IPsec Operational Modes)
Key-management method, either manual key or AutoKey IKE (see Understanding IPsec Key Management )
SA lifetime

For outbound VPN traffic, the policy invokes the SA associated with the VPN tunnel. For inbound traffic, JUNOS software with enhanced services looks up the SA by using the following triplet:

Destination IP
Security protocol, either AH or ESP (see Understanding IPsec Security Protocols)
Security parameter index (SPI) value

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]