Group VPN Overview
An IPsec security association (SA) is a unidirectional agreement between virtual private network (VPN) participants that defines the rules to use for authentication and encryption algorithms, key exchange mechanisms, and secure communications. With current VPN implementations, the SA is a point-to-point tunnel between two security devices. A group VPN extends IPsec architecture to support SAs that are shared by a group of security devices (see Figure 52).
Figure 52: Standard IPsec VPN and Group VPN
With group VPNs, any-to-any connectivity is achieved by preserving the original source and destination IP addresses in the outer header. Secure multicast packets are replicated in the same way as cleartext multicast packets in the core network.
Related Topics
- JUNOS Software Feature Support Reference for SRX Series and J Series Devices
- VPN Overview
- Understanding IKE and IPsec Packet Processing
- Understanding the GDOI Protocol
- Understanding Group Servers and Members
- Group VPN Configuration Overview