[j-nsp] Firewall filter on IPSec tunnel
Matt Stevens
matt at elevate.org
Wed Jan 28 13:44:04 EST 2009
That's in the services ipsec-vpn rule:
rule ashburn2 {
    term one {
        from {
            ipsec-inside-interface sp-0/0/0.13;
        }
        then {
            remote-gateway 10.11.12.14;
            dynamic {
                ike-policy hq-ashburn2;
                ipsec-policy site-to-site;
            }
            clear-dont-fragment-bit;
        }
    }
    match-direction input;
}
--
matt
Nan Li wrote:
> Show me the "match-direction input"
>
> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net
> [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Matt Stevens
> Sent: Wednesday, January 28, 2009 10:24 AM
> To: Stefan Fouant
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] Firewall filter on IPSec tunnel
>
> These are next-hop ipsec sets. For example:
>
> service-set ashburn2 {
>     ipsec-vpn-options {
>         local-gateway 10.11.12.13;
>     }
>     ipsec-vpn-rules ashburn2;
>     next-hop-service {
>         inside-service-interface sp-0/0/0.13;
>         outside-service-interface sp-0/0/0.12;
>     }
> }
>
> local-gateway has been changed to protect the innocent...