Configure an inbound firewall filter. This filter performs the final IPSec policy check and is created on security gateway A. The policy check ensures that only packets that match the traffic configured for this tunnel are accepted.
    [edit firewall]
    filter ipsec-decrypt-policy-filter {
        term term1 { # perform policy check
            from {
                source-address { # remote network
                    10.2.2.0/24;
                }
                destination-address { # local network
                    10.1.1.0/24;
                }
            }
            then accept;
        }
    }