erx2:vrA(config-if)#
tunnel peer-identity subnet 10.3.0.0 255.255.0.0
erx2:vrA(config-if)#
tunnel source 5.2.0.1
erx2:vrA(config-if)#
tunnel destination 5.3.0.1
erx2:vrA(config-if)#
ip address 10.3.0.0 255.255.0.0
erx2:vrA(config-if)#
exit
Virtual router B:
erx2(config)#
virtual-router vrB
erx2:vrB(config)#
Tunnel from Boca to Ottawa on virtual router B:
erx2:vrB(config)#
interface tunnel ipsec:Bboca2ottawa transport-virtual-router
default
erx2:vrB(config-if)#
tunnel transform-set customerBprotection
erx2:vrB(config-if)#
tunnel local-identity subnet 10.2.0.0 255.255.0.0
erx2:vrB(config-if)#
tunnel peer-identity subnet 10.1.0.0 255.255.0.0
erx2:vrB(config-if)#
tunnel source 5.2.0.2
erx2:vrB(config-if)#
tunnel destination 5.1.0.2
erx2:vrB(config-if)#
ip address 10.1.0.0 255.255.0.0
erx2:vrB(config-if)#
exit
Tunnel from Boca to Boston on virtual router B:
erx2:vrB(config)#
interface tunnel ipsec:Bboca2boston transport-virtual-router
default
erx2:vrB(config-if)#
tunnel transform-set customerBprotection
erx2:vrB(config-if)#
tunnel local-identity subnet 10.2.0.0 255.255.0.0
erx2:vrB(config-if)#
tunnel peer-identity subnet 10.3.0.0 255.255.0.0
erx2:vrB(config-if)#
tunnel source 5.2.0.2
erx2:vrB(config-if)#
tunnel destination 5.3.0.2
erx2:vrB(config-if)#
ip address 10.3.0.0 255.255.0.0
erx2:vrB(config-if)#
exit
5.
Last, on erx3, create two IPSec tunnels, one to carry customer A's traffic and
another to carry customer B's traffic.
Virtual router A:
erx3(config)#
virtual-router vrA
erx3:vrA(config)#
Tunnel from Boston to Ottawa on virtual router A:
erx3:vrA(config)#
interface tunnel ipsec:Aboston2ottawa transport-virtual-router
default
erx3:vrA(config-if)#
tunnel transform-set customerAprotection
erx3:vrA(config-if)#
tunnel local-identity subnet 10.3.0.0 255.255.0.0
erx3:vrA(config-if)#
tunnel peer-identity subnet 10.1.0.0 255.255.0.0
erx3:vrA(config-if)#
tunnel source 5.3.0.1
erx3:vrA(config-if)#
tunnel destination 5.1.0.1
erx3:vrA(config-if)#
ip address 10.1.0.0 255.255.0.0
erx3:vrA(config-if)#
exit
Tunnel from Boston to Boca on virtual router A:
Configuration Examples
■
167
Chapter 5: Configuring IPSec
Summary of Contents for IP SERVICES - CONFIGURATION GUIDE V 11.1.X
Page 6: ...vi...
Page 8: ...viii JUNOSe 11 1 x IP Services Configuration Guide...
Page 18: ...xviii Table of Contents JUNOSe 11 1 x IP Services Configuration Guide...
Page 20: ...xx List of Figures JUNOSe 11 1 x IP Services Configuration Guide...
Page 22: ...xxii List of Tables JUNOSe 11 1 x IP Services Configuration Guide...
Page 28: ...2 Chapters JUNOSe 11 1 x IP Services Configuration Guide...
Page 138: ...112 Monitoring J Flow Statistics JUNOSe 11 1 x IP Services Configuration Guide...
Page 286: ...260 Monitoring IP Tunnels JUNOSe 11 1 x IP Services Configuration Guide...
Page 312: ...286 Monitoring IP Reassembly JUNOSe 11 1 x IP Services Configuration Guide...
Page 357: ...Part 2 Index Index on page 333 Index 331...
Page 358: ...332 Index JUNOSe 11 1 x IP Services Configuration Guide...