Juniper JUNOSE 11.2.X IP SERVICES, Руководство по настройке

Страница: 184 / 356

Tunnel from Ottawa to Boston on virtual router B:
erx1:vrB(config)# interface tunnel ipsec:Bottawa2boston transport-virtual-router
default
erx1:vrB(config-if)# tunnel transform-set customerBprotection
erx1:vrB(config-if)# tunnel local-identity subnet 10.1.0.0 255.255.0.0
erx1:vrB(config-if)# tunnel peer-identity subnet 10.3.0.0 255.255.0.0
erx1:vrB(config-if)# tunnel source 5.1.0.2
erx1:vrB(config-if)# tunnel destination 5.3.0.2
erx1:vrB(config-if)# ip address 10.3.0.0 255.255.0.0
erx1:vrB(config-if)# exit
Tunnel from Ottawa to Boca on virtual router B:
erx1:vrB(config)# interface tunnel ipsec:Bottawa2boca transport-virtual-router
default
erx1:vrB(config-if)# tunnel transform-set customerBprotection
erx1:vrB(config-if)# tunnel local-identity subnet 10.1.0.0 255.255.0.0
erx1:vrB(config-if)# tunnel peer-identity subnet 10.2.0.0 255.255.0.0
erx1:vrB(config-if)# tunnel source 5.1.0.2
erx1:vrB(config-if)# tunnel destination 5.2.0.2
erx1:vrB(config-if)# ip address 10.2.0.0 255.255.0.0
erx1:vrB(config-if)# exit
4.
On erx2, create two IPSec tunnels, one to carry customer A's traffic and another to
carry customer B's traffic. You must create each pair of tunnels in the virtual routers
where the IP interfaces reaching those customers are defined. Create the endpoints
for the tunnels in the ISP default virtual router.
Virtual router A:
erx2(config)# virtual-router vrA
erx2:vrA(config)#
Tunnel from Boca to Ottawa on virtual router A:
erx2:vrA(config)# interface tunnel ipsec:Aboca2ottawa transport-virtual-router
default
erx2:vrA(config-if)# tunnel transform-set customerAprotection
erx2:vrA(config-if)# tunnel local-identity subnet 10.2.0.0 255.255.0.0
erx2:vrA(config-if)# tunnel peer-identity subnet 10.1.0.0 255.255.0.0
erx2:vrA(config-if)# tunnel source 5.2.0.1
erx2:vrA(config-if)# tunnel destination 5.1.0.1
erx2:vrA(config-if)# ip address 10.1.0.0 255.255.0.0
erx2:vrA(config-if)# exit
Tunnel from Boca to Boston on virtual router A:
erx2:vrA(config)# interface tunnel ipsec:Aboca2boston transport-virtual-router
default
erx2:vrA(config-if)# tunnel transform-set customerAprotection
erx2:vrA(config-if)# tunnel local-identity subnet 10.2.0.0 255.255.0.0
erx2:vrA(config-if)# tunnel peer-identity subnet 10.3.0.0 255.255.0.0
erx2:vrA(config-if)# tunnel source 5.2.0.1
erx2:vrA(config-if)# tunnel destination 5.3.0.1
erx2:vrA(config-if)# ip address 10.3.0.0 255.255.0.0
erx2:vrA(config-if)# exit
Virtual router B:
Copyright © 2010, Juniper Networks, Inc. 158
JunosE 11.2.x IP Services Configuration Guide