I have 2 new IVE 4500 FIPS devices which I am planning to deploy in active standby mode in 2 datacenters. The 2 datacenters are about 100 miles apart from each other with a layer 2 link between them. I need to know whether the replication traffic between the active and passive devices is encrypted or clear text. I cannot find any reference in the documentation on whether replication traffic between devices is encrypted or what protocol it uses. I would appreciate it if someone could throw light on this or point to the right documentation.
So I did a quick capture on my internal port, and my primary and passive secondary are talking on UDP and TCP port 4804.
The data field looks encrypted, but I could be wrong.
Many thanks for the reply. Can you see what protocols are used for data encryption? Is it possible to use only the external link for replication traffic, or in an active standby configuration do I need both internal and external VIPs?
I am pretty sure Juniper only uses the internal NIC to do the replication; there is no option to choose which interface you want the replication traffic to go out of.
You can have only an external VIP, as an internal VIP is only for inbound traffic, so unless you have internal users getting to the IVE you do not really need an internal VIP.
The encapsulation is 3Com XNS; not sure about the encryption method.