Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Example: Configuring a Route-based IPSec Tunnel from an ACX device to an SRX device

 

This example shows how to configure a route-based IPsec tunnel on ACX devices, and contains the following sections:

Requirements

This example uses the following hardware and software components:

  • ACX1100-AC router

  • SRX Series device

  • Junos OS Release 15.1X54-D50 and later.

Overview

Junos OS enables you to configure route-based IPsec tunnel between two private networks. In this example, you configure a route-based IPsec tunnel between two private networks with ACX1100-AC router on one end and a SRX Series device on the other end. This example only describes the required CLI configurations for configuring IPsec tunnel on an ACX1100-AC router.

For configuring IPsec tunnel on a SRX Series device, see Example: Configuring a Route-Based VPN and VPN User Guide for Security Devices.

Figure 1 shows an example of a route-based IPsec tunnel topology.

Figure 1: Route-based IPsec Tunnel Topology
Route-based IPsec Tunnel
Topology

Configuration

Configure IPsec Tunnel on ACX1100-AC Router.

CLI Quick Configuration

To quickly configure this section of the example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, copy and paste the commands into the CLI at the [edit] hierarchy level, and then enter commit from configuration mode.

Step-by-Step Procedure

The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode in the CLI User Guide.

To configure IPsec tunnel on an ACX1100-AC router, you need to:

  1. Create and configure a service interface.
  2. Create IPsec and IKE security associations.
  3. Create a service set to define a selected traffic.
  4. Establish routes to send traffic to a service plane.
  5. Create network interfaces.
  6. Commit the configuration.