Supported IPsec and IKE Standards
On routers equipped with one or more MS-MPCs, MS-MICs, or DPCs, the Canada and U.S. version of Junos OS substantially supports the following RFCs, which define standards for IP Security (IPsec) and Internet Key Exchange (IKE).
RFC 2085, HMAC-MD5 IP Authentication with Replay Prevention
RFC 2401, Security Architecture for the Internet Protocol (obsoleted by RFC 4301)
RFC 2402, IP Authentication Header (obsoleted by RFC 4302)
RFC 2403, The Use of HMAC-MD5-96 within ESP and AH
RFC 2404, The Use of HMAC-SHA-1-96 within ESP and AH (obsoleted by RFC 4305)
RFC 2405, The ESP DES-CBC Cipher Algorithm With Explicit IV
RFC 2406, IP Encapsulating Security Payload (ESP) (obsoleted by RFC 4303 and RFC 4305)
RFC 2407, The Internet IP Security Domain of Interpretation for ISAKMP (obsoleted by RFC 4306)
RFC 2408, Internet Security Association and Key Management Protocol (ISAKMP) (obsoleted by RFC 4306)
RFC 2409, The Internet Key Exchange (IKE) (obsoleted by RFC 4306)
RFC 2410, The NULL Encryption Algorithm and Its Use With IPsec
RFC 2451, The ESP CBC-Mode Cipher Algorithms
RFC 2560, X.509 Internet Public Key Infrastructure Online Certificate Status Protocol - OCSP
RFC 3193, Securing L2TP using IPsec
RFC 3280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
RFC 3602, The AES-CBC Cipher Algorithm and Its Use with IPsec
RFC 3948, UDP Encapsulation of IPsec ESP Packets
RFC 4106, The Use of Galois/Counter Mode (GCM) in IPsec Encapsulating Security Payload (ESP)
RFC 4210, Internet X.509 Public Key Infrastructure Certificate Management Protocol (CMP)
RFC 4211, Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)
RFC 4301, Security Architecture for the Internet Protocol
RFC 4302, IP Authentication Header
RFC 4303, IP Encapsulating Security Payload (ESP)
RFC 4305, Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)
RFC 4306, Internet Key Exchange (IKEv2) Protocol
RFC 4307, Cryptographic Algorithms for Use in the Internet Key Exchange Version 2 (IKEv2)
RFC 4308, Cryptographic Suites for IPsec (only Suite VPN-A is supported in Junos OS)
RFC 4754, IKE and IKEv2 Authentication Using the Elliptic Curve Digital Signature Algorithm (ECDSA)
RFC 4835, Cryptographic Algorithm Implementation Requirements for Encapsulating Security Payload (ESP) and Authentication Header (AH)
RFC 5996, Internet Key Exchange Protocol Version 2 (IKEv2) (obsoleted by RFC 7296)
RFC 7296, Internet Key Exchange Protocol Version 2 (IKEv2)
RFC 7427, Signature Authentication in the Internet Key Exchange Version 2 (IKEv2)
RFC 7634, ChaCha20, Poly1305, and Their Use in the Internet Key Exchange Protocol (IKE) and IPsec
RFC 8200, Internet Protocol, Version 6 (IPv6) Specification
Junos OS partially supports the following RFCs for IPsec and IKE:
RFC 3526, More Modular Exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE)
RFC 5114, Additional Diffie-Hellman Groups for Use with IETF Standards
RFC 5903, Elliptic Curve Groups modulo a Prime (ECP Groups) for IKE and IKEv2
The following RFCs and Internet draft do not define standards, but provide information about IPsec, IKE, and related technologies. The IETF classifies them as “Informational.”
RFC 2104, HMAC: Keyed-Hashing for Message Authentication
RFC 2412, The OAKLEY Key Determination Protocol
RFC 3706, A Traffic-Based Method of Detecting Dead Internet Key Exchange (IKE) Peers
Internet draft draft-eastlake-sha2-02.txt, US Secure Hash Algorithms (SHA and HMAC-SHA) (expires July 2006)