Juniper IP SERVICES - CONFIGURATION GUIDE V 11.1.X Configuration Manual page 189

erx3(config-if)#ip address 200.1.0.0 255.255.0.0
erx3(config-if)#exit
Tunnel 2:
erx3(config)#interface tunnel ipsec:Aboston2boca
erx3(config-if)#tunnel transform-set customerAprotection
erx3(config-if)#tunnel local-identity subnet 200.3.0.0 255.255.0.0
erx3(config-if)#tunnel peer-identity subnet 200.2.0.0 255.255.0.0
erx3(config-if)#tunnel source 100.3.0.1
erx3(config-if)#tunnel destination 100.2.0.1
erx3(config-if)#ip address 200.2.0.0 255.255.0.0
erx3(config-if)#exit
The configuration is complete. Now customer A traffic between different cities flows
through the public, or untrusted, IP network inside a tunnel, where each packet is
encrypted and authenticated. Of course, this example shows the basic secure
encapsulation of customer traffic over the untrusted IP network. You can add features
such as key refreshing.
Example 2
Example 2, shown in Figure 17 on page 164, enhances the previous example by
having the same ISP-X providing leased line replacement to two customers who use
address schemes in the same range. There are two ways to solve scenarios in which
different customers use similar IP address schemes:
One solution is to have different transport virtual routers, a configuration similar
to example 1, except that a different VR domain is possible.
Another solution, as described in this example, simply duplicates the endpoints
for the transport VR. This example assumes that the transport VR is the default
VR.
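The check below is an added example, not part of the Juniper guide: it parses tunnel stanzas in the CLI form shown above and reports tunnels that share the same source and destination while carrying overlapping local and peer identity subnets, the case the second solution handles by giving each customer its own endpoints. The customer B tunnel is constructed, and treating shared endpoints plus overlapping identities as a conflict is an assumption of this example.

```python
import ipaddress
from itertools import combinations

# Constructed sample: Tunnel 2 from the page plus a hypothetical customer B
# tunnel (name invented) reusing the same endpoints and address range.
SAMPLE = """\
erx3(config)#interface tunnel ipsec:Aboston2boca
erx3(config-if)#tunnel local-identity subnet 200.3.0.0 255.255.0.0
erx3(config-if)#tunnel peer-identity subnet 200.2.0.0 255.255.0.0
erx3(config-if)#tunnel source 100.3.0.1
erx3(config-if)#tunnel destination 100.2.0.1
erx3(config)#interface tunnel ipsec:Bboston2boca
erx3(config-if)#tunnel local-identity subnet 200.3.0.0 255.255.0.0
erx3(config-if)#tunnel peer-identity subnet 200.2.0.0 255.255.0.0
erx3(config-if)#tunnel source 100.3.0.1
erx3(config-if)#tunnel destination 100.2.0.1
"""

def parse_tunnels(text):
    """Return {tunnel name: settings} from a CLI transcript like SAMPLE."""
    tunnels, cur = {}, None
    for line in text.splitlines():
        cmd = line.split("#", 1)[-1].split()   # drop the "erx3(config-if)#" prompt
        if cmd[:2] == ["interface", "tunnel"] and len(cmd) == 3:
            cur = tunnels.setdefault(cmd[2], {})
        elif cur is None or not cmd:
            continue
        elif cmd[0] == "tunnel" and len(cmd) == 5 and cmd[2] == "subnet":
            # "tunnel local-identity|peer-identity subnet <addr> <mask>"
            cur[cmd[1]] = ipaddress.ip_network(f"{cmd[3]}/{cmd[4]}", strict=False)
        elif cmd[0] == "tunnel" and len(cmd) == 3 and cmd[1] in ("source", "destination"):
            cur[cmd[1]] = ipaddress.ip_address(cmd[2])
    return tunnels

def conflicts(tunnels):
    """Pairs of tunnels with identical endpoints whose identities overlap."""
    keys = ("source", "destination", "local-identity", "peer-identity")
    full = {n: t for n, t in tunnels.items() if all(k in t for k in keys)}
    out = []
    for (a, ta), (b, tb) in combinations(sorted(full.items()), 2):
        same_ends = (ta["source"], ta["destination"]) == (tb["source"], tb["destination"])
        if (same_ends and ta["local-identity"].overlaps(tb["local-identity"])
                and ta["peer-identity"].overlaps(tb["peer-identity"])):
            out.append((a, b))
    return out

if __name__ == "__main__":
    print(conflicts(parse_tunnels(SAMPLE)))
```

Tunnels with incomplete stanzas are skipped rather than guessed at, so an empty result on a partial transcript does not prove the configuration is free of overlaps.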
Chapter 5: Configuring IPSec
Configuration Examples
163

This manual is also suitable for:

Junose 11.1.x ip services, Junose v 11.1