 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
After you have configured the outbound firewall filter, you apply it by including the filter statement at the [edit interfaces interface-name unit logical-unit-number family inet] hierarchy level:
-
filter {
- input filter-name;
- }
Apply the outbound traffic filter. The outbound filter is applied on the Fast Ethernet interface at the [edit interfaces fe-0/0/1 unit 0 family inet] hierarchy level. Any packet matching the IPSec action term (term 1) on the input filter (ipsec-encrypt-policy-filter), configured on the Fast Ethernet interface, is directed to the ES PIC interface at the [edit interfaces es-0/1/0 unit 0 family inet] hierarchy level. So, if a packet arrives from the source address 10.1.1.0/24 and goes to the destination address 10.2.2.0/24, the Packet Forwarding Engine directs the packet to the ES PIC interface, which is configured with the manual-sa1 SA. The ES PIC receives the packet, applies the manual-sa1 SA, and sends the packet through the tunnel.
The router must have a route to the tunnel end point; add a static route if necessary.
- [edit interfaces]
- fe-0/0/1 {
-
- unit 0 {
-
- family inet {
-
- filter {
- input ipsec-encrypt-policy-filter;
- }
- address 10.1.1.254/24;
- }
- }
- }
| Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |