Configure an IPSec tunnel as a logical interface on the ES PIC. The logical interface specifies the tunnel through which the encrypted traffic travels. The ipsec-sa statement associates the security profile with the interface.
- [edit interfaces]
- es-0/0/0 {
-
- unit 0 {
-
- tunnel {
- source 10.5.5.5; # tunnel source address
- destination 10.6.6.6; # tunnel
destination address
- }
-
- family inet {
- ipsec-sa manual-sa1; # name of security association to
apply to packet
- mtu 3800;
- address 10.1.1.8/32 { # local interface address inside
local VPN
- destination 10.2.2.254; # destination address inside
remote VPN
- }
- }
- }