[Contents] [Prev] [Next] [Index] [Report an Error]

Configuring IPSec Services Interfaces

To enable IPSec on a Services Router, you must configure the services interfaces. In the Services Router, the service interface is always sp-0/0/0.unit. For the services to be applied, you must first define the logical interfaces to be used. The logical interface must have a unit number other than 0. By default, the J-Web interface uses the unit number 1001 for inside-service logical interfaces, and 2001 for outside-service logical interfaces.

To configure an IPSec tunnel, you must configure the following services interfaces:

Inside services interface—Logical interface used to apply the service sets that define the behavior of the IPSec tunnel for outbound traffic (traffic whose next hop is inside the IPSec tunnel).
Outside services interface—Logical interface used to apply the service sets that define the behavior of the IPSec tunnel for inbound traffic (traffic whose next hop is outside the IPSec tunnel).

To configure IPSec inside services interfaces and outside services interfaces:

Navigate to the top of the configuration hierarchy in either the J-Web or CLI configuration editor..
Perform the configuration tasks described in Table 30.
Go on to Configuring IPSec.

Table 30: Configuring IPSec Interfaces

Task	J-Web Configuration Editor	CLI Configuration Editor
Navigate to the Interfaces level in the configuration hierarchy.	In the configuration editor hierarchy, select Interfaces.	From the top of the configuration hierarchy, enter edit interfaces
Configure the inside services interface for the IPSec tunnel.	Next to Interface, click Add new entry. In the Interface name box, type sp-0/0/0, and click OK. In the Interface box, click sp-0/0/0. Next to Unit, click Add new entry. In the Interface unit number box, type 1001. In the Service domain box, select inside from the list. In the Family box, select the check box next to Inet and click Configure. Select the Primary check box, and click OK until you return to the Interfaces page.	Configure the services interface as an inside-service interface: set sp-0/0/0 unit 1001 service-domain inside Configure the services interface as an inet interface: set sp-0/0/0 unit 1001 family inet
Configure the outside services interface for the IPSec tunnel.	Next to Interface, click sp-0/0/0. Next to Unit, click Add new entry. In the Interface unit number box, type 2001. In the Service domain box, select outside from the list. In the Family box, select the check box next to Inet and click Configure. Select the Primary check box, and click OK.	Configure the services interface as an outside-service interface: set sp-/0/0/0 unit 2001 service-domain outside Configure the services interface as an inet interface: set sp-0/0/0 unit 2001 family inet

Task

J-Web Configuration Editor

CLI Configuration Editor

Navigate to the Interfaces level in the configuration hierarchy.

In the configuration editor hierarchy, select Interfaces.

From the top of the configuration hierarchy, enter

edit interfaces

Configure the inside services interface for the IPSec tunnel.

Next to Interface, click Add new entry.
In the Interface name box, type sp-0/0/0, and click OK.
In the Interface box, click sp-0/0/0.
Next to Unit, click Add new entry.
In the Interface unit number box, type 1001.
In the Service domain box, select inside from the list.
In the Family box, select the check box next to Inet and click Configure.
Select the Primary check box, and click OK until you return to the Interfaces page.

Configure the services interface as an inside-service interface:
set sp-0/0/0 unit 1001 service-domain inside
Configure the services interface as an inet interface:
set sp-0/0/0 unit 1001 family inet

Configure the outside services interface for the IPSec tunnel.

Next to Interface, click sp-0/0/0.
Next to Unit, click Add new entry.
In the Interface unit number box, type 2001.
In the Service domain box, select outside from the list.
In the Family box, select the check box next to Inet and click Configure.
Select the Primary check box, and click OK.

Configure the services interface as an outside-service interface:
set sp-/0/0/0 unit 2001 service-domain outside
Configure the services interface as an inet interface:
set sp-0/0/0 unit 2001 family inet

[Contents] [Prev] [Next] [Index] [Report an Error]