 |
Note: If you configure an IKE access profile in a service set, no other service set can share the same local-gateway address. |
To complete a dynamic endpoint tunnel configuration, you need to reference the IKE access profile configured at the [edit access] hierarchy level in the service set. To do this, include the ike-access-profile statement at the [edit services service-set name ipsec-vpn-options] hierarchy level:
- [edit services]
- service-set name {
-
- next-hop-service {
- inside-service-interface interface-name;
- outside-service-interface interface-name;
- }
-
- ipsec-vpn-options {
- local-gateway address;
- ike-access-profile profile-name;
- }
- }
You can reference only one access profile in each service set. This profile is used to negotiate IKE and IPSec security associations with dynamic peers only.
|
Note: If you configure an IKE access profile in a service set, no other service set can share the same local-gateway address. |
 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |