service-set service-set-name {
interface-service {
service-interface interface-name;
}
nat-rule-sets rule-set-name;
nat-rules rule-names;
stateful-firewall-rule-setsrule-set-name;
stateful-firewall-rules rule-names;
next-hop-service {
inside-service-interface interface-name.unit-number;
outside-service-interface interface-name.unit-number;
}
}
To configure service sets for IPsec VPN services, include the service-set statement at the
[edit services] hierarchy level:
[edit services]
service-set service-set-name {
interface-service {
service-interface interface-name;
}
next-hop-service {
inside-service-interface interface-name.unit-number;
outside-service-interface interface-name.unit-number;
}
ipsec-vpn-options {
local-gateway (address | interface);
no-anti-replay;
}
ipsec-vpn-rules rule-name;
}
Related
Documentation
Network Address Translation Overview on page 999•
• Network Address Port Translation Overview on page 1001
• IPsec for ACX Series Overview on page 1087
• Enabling Inline Services Interface on ACX Series on page 1008
• Service Filters in ACX Series on page 1035
• Guidelines for Applying Service Filters on page 1036
• Service Filter Match Conditions for IPv4 Traffic on page 1038
• Service Filter Actions on page 1039
• Network Address Translation Address Overload in ACX Series on page 1001
• CoS for NAT Services on ACX Series Universal Access Routers on page 887
• Network Address Translation Constraints on ACX on page 1003
• Configuring Address Pools for Network Address Port Translation (NAPT) Overview on
page 1007
• Network Address Translation Rules Overview on page 1004
1029Copyright © 2017, Juniper Networks, Inc.
Chapter 31: Configuring Network Address Translation (NAT) and Stateful Firewall Services
To Next Page
Loading...
