Comparison of IPSec Services and ES Interface Configuration

Table 6 compares the top-level configuration of IPSec features on the ES PIC interfaces and on the AS or MultiServices PIC interfaces.

Table 6: Statement Equivalents for ES and AS Interfaces 

ES PIC Configuration	AS and MultiServices PIC IPSec Configuration
[edit security ipsec] proposal {...}	[edit services ipsec-vpn ipsec] proposal {...}
[edit security ipsec] policy {...}	[edit services ipsec-vpn ipsec] policy {...}
[edit security ipsec] security-association sa-dynamic {...}	[edit services ipsec-vpn rule rule-name] term term-name match-conditions {...} then dynamic {...}
[edit security ipsec] security-association sa-manual {...}	[edit services ipsec-vpn rule rule-name] term term-name match-conditions {...} then manual {...}
[edit security ike] proposal {...}	[edit services ipsec-vpn ike] proposal {...}
[edit security ike] policy {...}	[edit services ipsec-vpn ike] policy {...}
Not available	[edit services ipsec-vpn] rule-set {...}
Not available	[edit services ipsec-vpn] service-set {...}
[edit interfaces es-fpc/pic/port] tunnel source address	[edit services ipsec-vpn service-set set-name ipsec-vpn local-gateway address]
[edit interfaces es-fpc/pic/port] tunnel destination address	[edit services ipsec-vpn rule rule-name] remote-gateway address

For more information about configuring IPSec services on an AS or MultiServices PIC, see IPSec Services Configuration Guidelines. For more information about configuring encryption services on an ES PIC, see Encryption Interfaces Configuration Guidelines.

NOTE: Although many of the same statements and properties are valid on both platforms, the configurations are not interchangeable. You must commit a complete configuration for the PIC type that is installed in your router.