Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Configuring the Service Set for IPsec Dynamic Endpoint Tunnels

To complete a dynamic endpoint tunnel configuration, you need to reference the IKE access profile configured at the [edit access] hierarchy level in the service set. To do this, include the ike-access-profile statement at the [edit services service-set name ipsec-vpn-options] hierarchy level:

You can reference only one access profile in each service set. This profile is used to negotiate IKE and IPsec security associations with dynamic peers only.


If you configure an IKE access profile in a service set, no other service set can share the same local-gateway address.