Configure the Encryption Interface Tunnel Address

Secure traffic travels through tunnel interfaces between remote hosts. You configure each IPSec tunnel as a logical interface on the ES PIC. As you do with other tunnel interfaces, include the tunnel statement at the [edit interfaces es-fpc/pic/port unit logical-unit-number] hierarchy level to specify the source and destination addresses:

[edit interfaces]

es-fpc/pic/port {

    unit logical-unit-number {

        tunnel {

            source address;

            destination address;

        }

    }

}

 IPSec runs in two modes: transport and tunnel. The ES PIC supports the tunnel mode only. For information about IPSec modes, see the JUNOS Internet Software Configuration Guide: Getting Started.
 The ES PIC does not automatically reassemble if the tunnel breaks.