[j-nsp] Dynamic Endpoints w/ IPSec
Derick Winkworth
dwinkworth at wi.rr.com
Tue Jul 8 12:18:13 EDT 2008
Stefan:
Sorry, I was specfically referring to dynamic endpoint configurations,
where you reference an isakmp access profile in the config. There is a
restriction that if you do this (which is required to support dynamic
endpoints), then you can not re-use the local gateway in another
service-set.
see note in:
http://www.juniper.net/techpubs/software/junos/junos91/swconfig-services/configuring-the-service-set.html
Stefan Fouant wrote:
> What version of code are you running?
>
> I am currently running JUNOS 8.2R4.5 in my network and I am using the
> same local-gateway in multiple service-sets:
>
> service-set a-b{
> next-hop-service {
> inside-service-interface sp-2/2/0.5;
> outside-service-interface sp-2/2/0.6;
> }
> ipsec-vpn-options {
> local-gateway x.x.x.22;
> }
> ipsec-vpn-rules a-b;
> }
> service-set a-c {
> next-hop-service {
> inside-service-interface sp-2/2/0.7;
> outside-service-interface sp-2/2/0.8;
> }
> ipsec-vpn-options {
> local-gateway x.x.x.22;
> }
> ipsec-vpn-rules a-c;
> }
> service-set a-d {
> next-hop-service {
> inside-service-interface sp-2/2/0.9;
> outside-service-interface sp-2/2/0.10;
> }
> ipsec-vpn-options {
> local-gateway x.x.x.22;
> }
> ipsec-vpn-rules a-d;
> }
>
> Doesn't seem to be a problem for me.
>
>
More information about the juniper-nsp
mailing list