Starting with JunOS 12.1X45, Juniper offers Suite B crypto on their SRX firewalls.

Juniper has a overview of their Suite B options here.

Standard IPSec

What does a Suite B IKE/IPSec setup look like in comparison to standard? Lets take a look at a couple of examples: Here we have a standard IKE and IPSec setup.

#### Interface IP and route for tunnel traffic 
set interfaces st0.0 family inet address 192.0.2.1/24
set routing-options static route 10.10.2.0/24 next-hop st0.0
set security zones security-zone vpn interfaces st0.0
set security zones security-zone 192.0.2.0/24 host-inbound-traffic system-services ike
set security zones security-zone 192.168.0.0/24 address-book address net-cm_192-168-1-0--24 192.168.1.0/24
set security zones security-zone vpn address-book address net-cm_10-10-2-0--24 10.10.2.0/24
set security ike policy ike-policy-cm mode main
set security ike policy ike-policy-cm proposal-set standard
set security ike policy ike-policy-cm pre-shared-key ascii-text "secretkey"
set security ike gateway ike-gate-cm ike-policy ike-policy-cm
set security ike gateway ike-gate-cm address 192.0.2.2
set security ike gateway ike-gate-cm external-interface ge-0/0/0
set security ike gateway ike-gate-cm version v2-only
set security ipsec policy ipsec-policy-cm proposal-set standard
set security ipsec vpn ipsec-vpn-cm ike gateway ike-gate-cm
set security ipsec vpn ipsec-vpn-cm ike ipsec-policy ipsec-policy-cm
set security ipsec vpn ipsec-vpn-cm bind-interface st0.0
set security ipsec vpn-monitor-options interval 10
set security ipsec vpn-monitor-options threshold 10
set security ike gateway ike-gate-cm dead-peer-detection probe-idle-tunnel
set security ike gateway ike-gate-cm dead-peer-detection interval 10
set security ike gateway ike-gate-cm dead-peer-detection threshold 5
set security ipsec vpn ipsec-vpn-cm establish-tunnels immediately
set security ipsec policy ipsec-policy-cm perfect-forward-secrecy keys group14
set security policies from-zone 192.168.0.0/24 to-zone vpn policy 192.168.0.0/24-vpn-cm match source-address net-cm_192-168-1-0--24
set security policies from-zone 192.168.0.0/24 to-zone vpn policy 192.168.0.0/24-vpn-cm match destination-address net-cm_10-10-2-0--24
set security policies from-zone 192.168.0.0/24 to-zone vpn policy 192.168.0.0/24-vpn-cm match application any
set security policies from-zone 192.168.0.0/24 to-zone vpn policy 192.168.0.0/24-vpn-cm then permit
set security policies from-zone vpn to-zone 192.168.0.0/24 policy vpn-192.168.0.0/24-cm match source-address net-cm_10-10-2-0--24
set security policies from-zone vpn to-zone 192.168.0.0/24 policy vpn-192.168.0.0/24-cm match destination-address net-cm_192-168-1-0--24
set security policies from-zone vpn to-zone 192.168.0.0/24 policy vpn-192.168.0.0/24-cm match application any
set security policies from-zone vpn to-zone 192.168.0.0/24 policy vpn-192.168.0.0/24-cm then permit

IPSec with Suite B

Here is an IKE/IPSec setup utilizing Suite B.

set interfaces st0.0 family inet address 192.0.2.1/24
set routing-options static route 10.10.2.0/24 next-hop st0.0
set security zones security-zone vpn interfaces st0.0
set security zones security-zone 192.0.2.0/24 host-inbound-traffic system-services ike
set security zones security-zone 192.168.0.0/24 address-book address net-cm_192-168-1-0--24 192.168.1.0/24
set security zones security-zone vpn address-book address net-cm_10-10-2-0--24 10.10.2.0/24
set security ike policy ike-policy-cm mode main
set security ike policy ike-policy-cm proposal-set suite-gcm-256
set security ike policy ike-policy-cm pre-shared-key ascii-text "secretkey"
set security ike gateway ike-gate-cm ike-policy ike-policy-cm
set security ike gateway ike-gate-cm address 192.0.2.2
set security ike gateway ike-gate-cm external-interface ge-0/0/0
set security ike gateway ike-gate-cm version v2-only
set security ipsec policy ipsec-policy-cm proposal-set suite-gcm-256
set security ipsec vpn ipsec-vpn-cm ike gateway ike-gate-cm
set security ipsec vpn ipsec-vpn-cm ike ipsec-policy ipsec-policy-cm
set security ipsec vpn ipsec-vpn-cm bind-interface st0.0
set security ipsec vpn-monitor-options interval 10
set security ipsec vpn-monitor-options threshold 10
set security ike gateway ike-gate-cm dead-peer-detection probe-idle-tunnel
set security ike gateway ike-gate-cm dead-peer-detection interval 10
set security ike gateway ike-gate-cm dead-peer-detection threshold 5
set security ipsec vpn ipsec-vpn-cm establish-tunnels immediately
set security ipsec policy ipsec-policy-cm proposals ipsec-proposal-cm
set security ipsec policy ipsec-policy-cm perfect-forward-secrecy keys group19
set security policies from-zone 192.168.0.0/24 to-zone vpn policy 192.168.0.0/24-vpn-cm match source-address net-cm_192-168-1-0--24
set security policies from-zone 192.168.0.0/24 to-zone vpn policy 192.168.0.0/24-vpn-cm match destination-address net-cm_10-10-2-0--24
set security policies from-zone 192.168.0.0/24 to-zone vpn policy 192.168.0.0/24-vpn-cm match application any
set security policies from-zone 192.168.0.0/24 to-zone vpn policy 192.168.0.0/24-vpn-cm then permit
set security policies from-zone vpn to-zone 192.168.0.0/24 policy vpn-192.168.0.0/24-cm match source-address net-cm_10-10-2-0--24
set security policies from-zone vpn to-zone 192.168.0.0/24 policy vpn-192.168.0.0/24-cm match destination-address net-cm_192-168-1-0--24
set security policies from-zone vpn to-zone 192.168.0.0/24 policy vpn-192.168.0.0/24-cm match application any
set security policies from-zone vpn to-zone 192.168.0.0/24 policy vpn-192.168.0.0/24-cm then permit

The difference is the perfect-forward-secrecy key group, and the IKE/IPSec Policy proposal being used.

Diffie Hellman groups

This setting specifies whether perfect forward secrecy (PFS) is used when negotiating the security association, and if so, which Diffie-Hellman group is used. If PFS is used, each phase 2 key is derived independently through a separate Diffie-Hellman exchange. With PFS, if a single key is compromised, the integrity of subsequently generated keys is not affected. Group 2: a modular exponentiation group with a 1024-bit modulus. Group 5: a modular exponentiation group with a 1536-bit modulus. Group 14: a modular exponentiation group with a 2048-bit modulus. Group 19: a random 256-bit elliptic curve group. Group 20: a random 384-bit elliptic curve group. Group 21: a random 521-bit elliptic curve group. Group 24: a modular exponentiation group with a 2048-bit modulus and 256-bit prime order subgroup.

The IPSec proposal for Suite B we are using is aes-256-gcm. From the above referenced Juniper site:

Suite-B-GCM-128
ESP: Advanced Encryption Standard (AES) encryption with 128-bit
     keys and 16-octet integrity check value (ICV) in Galois
     Counter Mode (GCM).
IKE: AES encryption with 128-bit keys in cipher block chaining
     (CBC) mode, integrity using SHA-256 authentication, and
     key establishment using Diffie-Hellman (DH) group 19 and
     authentication using Elliptic Curve Digital Signature
     Algorithm (ECDSA) 256-bit elliptic curve signatures.

The advantage to using Elliptic Curve crypto is that the crypto is harder to crack, while simultaneously being more efficient to compute (faster). You may (or may not) see actual performance improvements using it.

If you are extremely mathematically inclined, read these wiki articles for more information: GCM, CBC, AES, SHA, and ECDSA