Comparison of IPSec Services and ES Interface Configuration

Table 2 compares the top-level configuration of IPSec features on the ES PIC interfaces and on the Adaptive Services PIC interfaces.

Table 2: Statement Equivalents for ES and Adaptive Services Interfaces

ES PIC Configuration	AS PIC IPSec Services Configuration
`[edit security ipsec] proposal {...}`	`[edit services ipsec-vpn ipsec] proposal {...}`
`[edit security ipsec] policy {...}`	`[edit services ipsec-vpn ipsec] policy {...}`
`[edit security ipsec] security-association sa-dynamic {...}`	`[edit services ipsec-vpn rule` `rule-name] termterm-namematch-conditions {....} then dynamic {...}`
`[edit security ipsec] security-association sa-manual {...}`	`[edit services ipsec-vpn rule` `rule-name] termterm-namematch-conditions {....} then manual {...}`
`[edit security ike] proposal {...}`	`[edit services ipsec-vpn ike] proposal {...}`
`[edit security ike] policy {...}`	`[edit services ipsec-vpn ike] policy {...}`
Not available	`[edit services ipsec-vpn] rule-set {...}`
Not available	`[edit services ipsec-vpn] service-set {...}`
`[edit interfaces es-fpc/pic/port] tunnel sourceaddress`	`[edit services ipsec-vpn service-set` `set-nameipsec-vpn local-gatewayaddress]`
`[edit interfaces es-fpc/pic/port] tunnel destinationaddress`	`[edit services ipsec-vpn rule` `rule-name] remote-gatewayaddress`

NOTE: Although many of the same statements and properties are valid on both platforms, the configurations are not interchangeable. You must commit a complete configuration for the PIC type that is installed in your router.