For dynamic endpoint tunneling only, you need to reference the IKE access profile configured at the [edit access] hierarchy level. To do this, include the ike-access-profile statement:
-
ike-access-profile profile-name;
The ike-access-profile statement must reference the same name as the profile statement you configured for IKE access at the [edit access] hierarchy level. You can reference only one access profile in each service set. This profile is used to negotiate IKE and IPSec security associations with dynamic peers only.
 |
Note: If you configure an IKE access profile in a service set, no other service set can share the same local-gateway address. Also, you must configure a separate service set for each VRF. All interfaces referenced by the ipsec-inside-interface statement within a service set must belong to the same VRF. |
 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |