Juniper ACX2000

Juniper ACX2000

3270 pages

To Next Page

To Next Page

To Previous Page

To Previous Page

Loading...

The essential difference between the two configurations is the change in the match

direction and the static routes’ next hop, pointing to either the NAT engine’s inside or

outside interface.

Related

Documentation

Network Address Translation Overview on page 999•

• Network Address Port Translation Overview on page 1001

• IPsec for ACX Series Overview on page 1087

• Enabling Inline Services Interface on ACX Series on page 1008

• Understanding Service Sets on page 1028

• Service Filters in ACX Series on page 1035

• Network Address Translation Address Overload in ACX Series on page 1001

• Network Address Translation Rules Overview on page 1004

• Configuring Service Sets for Network Address Translation on page 1030

• Configuring Queuing and Scheduling on Inline Services Interface on page 1040

Configuring IPsec Service Sets

IPsec service sets require additional specifications that you configure at the [edit services

service-set service-set-name ipsec-vpn-options] hierarchy level:

[edit services service-set service-set-name ipsec-vpn-options]

anti-replay-window-size bits;

ike-access-profile profile-name;

local-gateway (address | interface);

no-anti-replay;

Configuration of these statements is described in the following sections:

•

Configuring the Local Gateway Address for IPsec Service Sets on page 1095

•

Configuring IKE Access Profiles for IPsec Service Sets on page 1096

•

Configuring or Disabling Antireplay Service on page 1097

Configuring the Local Gateway Address for IPsec Service Sets

If you configure an IPsec service set, you must configure a local-gateway statement by

either configuring a local IPv4 address or a logical interface.

If the Internet Key Exchange (IKE) gateway IP address is in inet.0 (the default situation),

you configure the following statement:

local-gateway (address | interface) ;

You can configure all the link-type tunnels that share the same local gateway address

in a single next-hop-style service set. The value you specify for the inside-service-interface

statement at the [edit services service-set service-set-name] hierarchy level need not

match the ipsec-inside-interface value, which you configure at the [editservicesipsec-vpn

1095Copyright © 2017, Juniper Networks, Inc.

Chapter 33: Configuring IPsec

Table of Contents

Other manuals for Juniper ACX2000

Quick Start30 pages

Hardware Guide190 pages

Related product manuals

Juniper ACX2100

Preview: Juniper ACX5048

Juniper ACX5048

Preview: Juniper ACX1100

Juniper ACX1100

Preview: Juniper ACX5448

Juniper ACX5448

Preview: Juniper ACX1000

Juniper ACX1000

Preview: Juniper ACX7348

Juniper ACX7348

Preview: Juniper ACX5448-D

Juniper ACX5448-D

Preview: Juniper ACX Series

Juniper ACX Series

Preview: Juniper Day One+ ACX7024

Juniper Day One+ ACX7024

Preview: Juniper MX240

Preview: Juniper M Series

Juniper M Series

Preview: Juniper MX Series

Juniper MX Series