Navigation
Table of Contents
Guide That Contains This Content
[+] Expand All
[-] Collapse All
Configuring the Service Set
To complete a dynamic endpoint tunnel configuration, you need to reference the IKE access profile configured at the [edit access] hierarchy level in the service set. To do this, include the ike-access-profile statement at the [edit services service-set name ipsec-vpn-options] hierarchy level:
[edit services]service-set name {next-hop-service {inside-service-interface interface-name;outside-service-interface interface-name;}ipsec-vpn-options {local-gateway address; ike-access-profile profile-name; }}
You can reference only one access profile in each service set. This profile is used to negotiate IKE and IPSec security associations with dynamic peers only.
 | Note: If you configure an IKE access profile in a service set, no other service set can share the same local-gateway address. |
