[j-nsp] ES PIC required for BGP-over-IPSEC?
Daniel Roesen
dr at cluenet.de
Fri Apr 16 14:21:51 EDT 2004
Hi,

being motivated by some current discussions about securing BGP,
I decided to play around with BGP-over-IPSEC. :->

Can someone confirm whether an ES PIC is required to secure BGP
sessions with IPSEC? My memories say "no", but when trying to
actually do this, I'm getting errors:

security {
    ipsec {
        security-association ibgp {
            manual {
                direction bidirectional {
                    protocol bundle;
                    spi 1234;
                    auxiliary-spi 1234;
                    authentication {
                        algorithm hmac-sha1-96;
                        key ascii-text ...;
                    }
                    encryption {
                        algorithm 3des-cbc;
                        key ascii-text ...;
                    }
                }
            }
        }
    }
}

/kernel: ipsec_find_sa_in_so(1632): Couldn't dereference the sa name = ibgp
rpd[4427]: task_connect: task BGP_1234.192.168.0.5+179 addr 192.168.0.5+179: Connection refused
rpd[4427]: bgp_connect_start: connect 192.168.0.5 (Internal AS 1234): Connection refused

Any clues? Docs are a little terse and don't give a practical example
of what a typical manual SA looks like to secure BGP.

Best regards,
Daniel