[j-nsp] Firewall filter on IPSec tunnel
Matt Stevens
matt at elevate.org
Wed Jan 28 13:23:57 EST 2009
These are next-hop ipsec sets. For example:
service-set ashburn2 {
ipsec-vpn-options {
local-gateway 10.11.12.13;
}
ipsec-vpn-rules ashburn2;
next-hop-service {
inside-service-interface sp-0/0/0.13;
outside-service-interface sp-0/0/0.12;
}
}
local-gateway has been changed to protect the innocent...
--
matt
Stefan Fouant wrote:
> On Wed, Jan 28, 2009 at 1:17 PM, Matt Stevens <matt at elevate.org
> <mailto:matt at elevate.org>> wrote:
>
> Well, the fact that I'm terminating the tunnel helps. :-)
>
> Basically, I want to apply an output filter on the tunnel interface
> to filter packets leaving the tunnel towards a local subnet.
> --
> matt
>
>
> What type of service set are you using?
>
> --
> Stefan
More information about the juniper-nsp
mailing list