•
Provides mutual peer authentication by means of shared secrets (not passwords) and
public keys.
•
Provides identity protection (in main mode).
Related
Documentation
Enabling Inline Services Interface on ACX Series on page 1008•
Enabling Inline Services Interface on ACX Series
The inline services interface is a virtual interface that resides on the Packet Forwarding
Engine. The si- interface makes it possible to provide NAT and IPsec services without
using a special services PIC.
To configure inline services interface, you define the service interface as type si-
(service-inline) interface. You must also reserve adequate bandwidth for the inline services
interface. This enables you to configure both interface or next-hop service sets used for
NAT and IPsec services.
NOTE: In ACX Series routers, you can configure only one inline services
interface as an anchor interface for NAT and IPsec sessions: si-0/0/0.
To enable inline services interface:
1. Access an FPC-managed slot and the PIC where the interface is to be enabled.
[edit chassis]
user@host# edit fpc slot-number pic number
2. Enable the interface and specify the amount of bandwidth reserved on each Packet
Forwarding Engine for tunnel traffic that uses inline services.
[edit chassis fpc slot-number pic number]
user@host# set inline-services bandwidth 1g
Related
Documentation
Network Address Translation Overview on page 999•
• Network Address Port Translation Overview on page 1001
• IPsec for ACX Series Overview on page 1087
• Understanding Service Sets on page 1028
• Service Filters in ACX Series on page 1035
• Guidelines for Applying Service Filters on page 1036
• Service Filter Match Conditions for IPv4 Traffic on page 1038
• Service Filter Actions on page 1039
• Network Address Translation Address Overload in ACX Series on page 1001
1089Copyright © 2017, Juniper Networks, Inc.
Chapter 33: Configuring IPsec
To Next Page
Loading...
