Configuring the ES PIC associates the configured SA with a logical interface. This configuration defines the tunnel itself (logical subunit, tunnel addresses, maximum transmission unit [MTU], optional interface addresses, and the name of the SA to apply to traffic).
The addresses configured as the tunnel source and destination are the addresses in the outer IP header of the tunnel.
 |
Note: The tunnel source address must be configured locally on the router, and the tunnel destination address must be a valid address for the security gateway terminating the tunnel. The M5, M10, M20, and M40 routers support the ES PIC. You can also configure IPSec on the AS PIC and MultiServices PICs. For information about how to configure IPSec on the AS PIC or MultiServices PIC, see the JUNOS Services Interfaces Configuration Guide. |
The SA must be a valid tunnel-mode SA. The interface address and destination address listed are optional. The destination address allows the user to configure a static route to encrypt traffic. If a static route uses that destination address as the next hop, traffic is forwarded through the portion of the tunnel in which encryption occurs. For more information about the ES PIC, see the JUNOS Services Interfaces Configuration Guide.
 | Copyright © 2009, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |