Configuring Next-Hop Service Sets
A next-hop service set is a route-based method of applying a particular service. Only
packets destined for a specific next hop are serviced, and you steer traffic to that next
hop by creating explicit static routes. This configuration is useful when services need to
be applied to an entire virtual routing and forwarding (VRF) table, or when routing
decisions determine that services need to be performed.
When a next-hop service is configured, the IPsec or NAT engine is considered to be a
two-part interface, with one part configured to be the inside interface (inside the network)
and the other configured as the outside interface (outside the network).
To configure the service domain, include the service-domain statement at the [edit
interfaces interface-name unit logical-unit-number] hierarchy level:
    [edit interfaces interface-name unit logical-unit-number]
    service-domain (inside | outside);
The service-domain setting must match the configuration for the next-hop’s inside and
outside services interfaces. To configure the inside and outside services interfaces, include
the next-hop-service statement at the [edit services service-set service-set-name] hierarchy
level. The interfaces you specify must be logical interfaces on the same NAT engine. You
cannot configure unit 0 for this purpose, and the logical interface you choose must not
be used by another service set.
    next-hop-service {
        inside-service-interface interface-name.unit-number;
        outside-service-interface interface-name.unit-number;
    }
Traffic on which the service is applied is forced to the inside interface using a static route.
For example:
    routing-options {
        static {
            route 10.1.2.3 next-hop si-0/0/0.1;
        }
    }
After the service is applied, traffic exits through the outside interface. A lookup is then
performed in the Packet Forwarding Engine to send the packet out of the NAT engine.
The reverse traffic enters the outside interface, is serviced, and sent to the inside interface.
The inside interface forwards the traffic out of the NAT engine.
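The constraints above (no unit 0, matching service-domain, no logical interface shared between service sets, both interfaces on the same engine) can be checked before commit. The following is an added example, not Juniper code: the dictionary layout, function name, and sample values are constructed, and "same NAT engine" is assumed to mean the same interface name before the unit number.

```python
# Added example: lint for the next-hop service set rules stated above.
# The input model is constructed for illustration; it is not a Junos API.

def check_next_hop_service_sets(units, service_sets):
    """units: {"si-0/0/0.1": "inside", ...}  logical interface -> service-domain
    service_sets: {"name": {"inside": ifl, "outside": ifl}}
    Returns a list of violation strings in the order they are found."""
    problems = []
    used_by = {}  # logical interface -> first service set that claimed it
    for name, ss in service_sets.items():
        for role in ("inside", "outside"):
            ifl = ss[role]
            unit = ifl.rpartition(".")[2]
            # Unit 0 cannot be used as an inside or outside services interface.
            if unit == "0":
                problems.append(f"{name}: {role} interface {ifl} uses unit 0")
            # service-domain on the unit must match the role in the service set.
            domain = units.get(ifl)
            if domain != role:
                problems.append(
                    f"{name}: {ifl} has service-domain {domain}, expected {role}")
            # A logical interface must not be used by another service set.
            owner = used_by.setdefault(ifl, name)
            if owner != name:
                problems.append(
                    f"{name}: {ifl} already used by service set {owner}")
        # Assumption: same engine == same interface name before the unit.
        if ss["inside"].rpartition(".")[0] != ss["outside"].rpartition(".")[0]:
            problems.append(
                f"{name}: inside and outside are on different service interfaces")
    return problems


# Constructed sample data.
SAMPLE_UNITS = {
    "si-0/0/0.1": "inside",
    "si-0/0/0.2": "outside",
    "si-1/0/0.0": "outside",
}
SAMPLE_SETS = {
    "ss-good": {"inside": "si-0/0/0.1", "outside": "si-0/0/0.2"},
    "ss-bad": {"inside": "si-0/0/0.1", "outside": "si-1/0/0.0"},
}

if __name__ == "__main__":
    for line in check_next_hop_service_sets(SAMPLE_UNITS, SAMPLE_SETS):
        print(line)
```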
Determining Traffic Direction
When you configure next-hop service sets, the IPsec or NAT engine functions as a two-part
interface, in which one part is the inside interface and the other part is the outside interface.
The following sequence of actions takes place:
Copyright © 2017, Juniper Networks, Inc.
Chapter 33: Configuring IPsec