Example: Dynamic Endpoint Tunneling Configuration

Figure 1: IPSec Dynamic Endpoint Tunneling Topology Diagram

Figure 1 shows a local network N-1 located behind security gateway SG-1. SG-1 is a Juniper Networks router terminating dynamic peer endpoints. The tunnel termination address on SG-1 is 10.7.7.2 and the local network address is 172.16.1.0/24.

A remote peer router obtains addresses from an ISP pool and runs RFC-compliant IKE. Remote network N-2 has address 172.16.2.0/24 and is located behind security gateway SG-2 with tunnel termination address 10.7.7.1.

On Router SG-1, configure an IKE access profile to accept proposals from SG-2. Apply the interface identifier from the access profile to the inside services interface and apply the IKE access profile itself to the IPSec next-hop style service set.
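The sketch below is an added illustration of how those three pieces reference each other on SG-1; it is not the original page's listing. The profile, identifier and service-set names, the `sp-1/0/0` interface and the pre-shared key are placeholders; only the addresses come from the text above.

```junos
# Added illustration for SG-1; every name marked "placeholder" is an assumption.
access {
    profile demo-access-profile {              # placeholder profile name
        client * {                             # wildcard: matches any dynamic peer
            ike {
                # Accept only proposals whose proxy pair is N-1 <-> N-2.
                allowed-proxy-pair local 172.16.1.0/24 remote 172.16.2.0/24;
                pre-shared-key ascii-text "<pre-shared-key>";   # placeholder
                interface-id demo-ipsec-interface-id;           # placeholder identifier
            }
        }
    }
}
interfaces {
    sp-1/0/0 {                                 # placeholder AS PIC interface
        unit 1 {
            family inet;
            service-domain inside;
            dial-options {
                # Must match interface-id in the access profile.
                ipsec-interface-id demo-ipsec-interface-id;
                shared;
            }
        }
        unit 2 {
            family inet;
            service-domain outside;
        }
    }
}
services {
    service-set demo-service-set {             # placeholder service-set name
        next-hop-service {
            inside-service-interface sp-1/0/0.1;
            outside-service-interface sp-1/0/0.2;
        }
        ipsec-vpn-options {
            local-gateway 10.7.7.2;            # tunnel termination address on SG-1
            ike-access-profile demo-access-profile;
        }
    }
}
```

Because `client *` matches any peer, the pre-shared key and the `allowed-proxy-pair` statement are what constrain which dynamic endpoints can bring up a tunnel.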

Router SG-1

Verifying Your Work

To verify proper operation of a dynamic endpoint tunnel configured on the AS PIC, use the following command:

The following section shows output from this command used with the configuration example. The dynamically created rule _junos_ appears in the output, as well as the establishment of the inbound and outbound dynamically created tunnels.