Configuring Traffic

Traffic configuration defines the traffic that must flow through the tunnel. You configure outbound and inbound firewall filters, which identify and direct traffic to be encrypted and confirm that decrypted traffic parameters match those defined for the given tunnel. The outbound filter is applied to the LAN or WAN interface for the incoming traffic you want to encrypt off of that LAN or WAN. The inbound filter is applied to the ES PIC to check the policy for traffic coming in from the remote host. Because of the complexity of configuring a router to forward packets, no automatic checking is done to ensure that the configuration is correct. Make sure that you configure the router very carefully.

Note: The valid firewall filters statements for IPSec are destination-port, source-port, protocol, destination-address, and source-address.

In Figure 9, Gateway A protects the network 10.1.1.0/24, and Gateway B protects the network 10.2.2.0/24. The gateways are connected by an IPSec tunnel. For more information about firewalls, see the JUNOS Policy Framework Configuration Guide.

Figure 9: Example: IPSec Tunnel Connecting Security Gateways

The SA and ES interface for security Gateway A are configured as follows:

The SA and ES interface for security Gateway B are configured as follows:

For a discussion of the filters applied to traffic through the security gateways, see Example: Configuring an Outbound Traffic Filter.

For sample traffic-filter configurations, see the following sections:

• Example: Configuring an Outbound Traffic Filter
• Example: Applying an Outbound Traffic Filter
• Example: Configuring an Inbound Traffic Filter for Policy Check
• Example: Applying an Inbound Traffic Filter to ES PIC for Policy Check

Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice.