gw-interface
Syntax
gw-interface interface-name.logical-unit-number;
Hierarchy Level
[edit services service-set service-set-name ipsec-vpn-options local-gateway address]
Description
Enable the cleanup of IKE triggers and IKE and IPsec SAs when an IPsec tunnel’s local gateway IP address goes down or the MS-MIC or MS-MPC being used in the tunnel’s service set goes down. If the local gateway IP address for an IPsec tunnel’s service set goes down or the MS-MIC or MS-MPC that is being used in the service set goes down, the service set no longer sends IKE triggers. In addition, when the local gateway IP address goes down, the IKE and IPsec SAs are cleared for next-hop service sets, and go to the Not Installed state for interface-style service sets. The SAs that have the Not Installed state are deleted when the local gateway IP address comes back up.
If the local gateway IP address that goes down is for the responder peer, then you need to manually clear the IKE and IPsec SAs on the initiator peer so that the IPsec tunnel comes back up once the local gateway IP address comes back up (see clear services ipsec-vpn ike security-associations and clear services ipsec-vpn ipsec security-associations).
Options
| interface-name | Name of the interface of the IPsec local gateway. |
| logical-unit-numer | Number of the logical unit of the IPsec local gateway interface. You must include the logical unit number. |
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 17.2.