Configuring Ipsec Service Sets - Juniper J2300 User Manual

J-series™ Services Router User Guide
Task
Configure the inside services interface
for the IPSec tunnel.
On the J-series Services Router,
the services interface is always
sp-0/0/0. unit . The logical interface
must have a unit number other
than 0. By default, the J-Web Quick
Configuration uses the unit number
1001 for inside-service logical
interfaces.
Configure the outside services interface
for the IPSec tunnel.
On the J-series Services Router,
the services interface is always
sp-0/0/0. unit . The logical interface
must have a unit number other
than 0. By default, the J-Web Quick
Configuration uses the unit number
2001 for outside-service logical
interfaces.

Configuring IPSec Service Sets

The next-hop service set defines which services interface to use for all inside-service
next hops and all outside-service next hops (traffic inside the network and outside
the network). The unit numbers used to define the next-hop interfaces must
match exactly the unit numbers used in the interfaces configuration.
When you configure an IPSec service set, you must also configure the local gateway.
You then configure an IPSec rule to set the remote gateway on all traffic, configure a
security association (SA) with a static IKE key, and configure another rule to act
on input traffic. This configuration allows you to set the remote gateway address
and perform IKE validation on all incoming traffic through the IPSec tunnel.
488
Configuring an IPSec Tunnel with a Configuration Editor
J-Web Configuration Editor
1.
In the Interface field, click Add
new entry.
2.
In the Interface name field, type
sp-0/0/0, and click OK.
3.
In the Interface field, click sp-0/0/0.
4. In the Unit field, click Add new
entry.
5. In the Interface unit number field,
type 1001.
6.
In the Service domain box, select
inside from the drop-down menu.
7.
In the Family field, click inet.
8. Select the Primary box, and click
OK.
1.
In the Interface field, click Add
new entry.
2. In the Interface name field, type
sp-0/0/0, and click OK.
3.
In the Interface field, click sp-0/0/0.
4.
In the Unit field, click Add new
entry.
5.
In the Interface unit number field,
type 2001.
6.
In the Service domain box, select
outside from the drop-down menu.
7.
In the Family field, click inet.
8. Select the Primary box, and click
OK.
CLI Configuration Editor
1.
Configure the services interface as
an inside-service interface:
set sp-0/0/0 unit 1001
service-domain inside
2.
Configure the services interface as
an inet interface:
set sp-0/0/0 unit 1001 family inet
1.
Configure the services interface as
an outside-service interface:
set sp-/0/0/0 unit 2001
service-domain outside
2.
Configure the services interface as
an inet interface:
set sp-0/0/0 unit 2001 family inet