Juniper JUNOSE 11.2.X IP SERVICES, Руководство по настройке

Страница: 185 / 356

erx2(config)# virtual-router vrB
erx2:vrB(config)#
Tunnel from Boca to Ottawa on virtual router B:
erx2:vrB(config)# interface tunnel ipsec:Bboca2ottawa transport-virtual-router
default
erx2:vrB(config-if)# tunnel transform-set customerBprotection
erx2:vrB(config-if)# tunnel local-identity subnet 10.2.0.0 255.255.0.0
erx2:vrB(config-if)# tunnel peer-identity subnet 10.1.0.0 255.255.0.0
erx2:vrB(config-if)# tunnel source 5.2.0.2
erx2:vrB(config-if)# tunnel destination 5.1.0.2
erx2:vrB(config-if)# ip address 10.1.0.0 255.255.0.0
erx2:vrB(config-if)# exit
Tunnel from Boca to Boston on virtual router B:
erx2:vrB(config)# interface tunnel ipsec:Bboca2boston transport-virtual-router
default
erx2:vrB(config-if)# tunnel transform-set customerBprotection
erx2:vrB(config-if)# tunnel local-identity subnet 10.2.0.0 255.255.0.0
erx2:vrB(config-if)# tunnel peer-identity subnet 10.3.0.0 255.255.0.0
erx2:vrB(config-if)# tunnel source 5.2.0.2
erx2:vrB(config-if)# tunnel destination 5.3.0.2
erx2:vrB(config-if)# ip address 10.3.0.0 255.255.0.0
erx2:vrB(config-if)# exit
5.
Last, on erx3, create two IPSec tunnels, one to carry customer A's traffic and another
to carry customer B's traffic.
Virtual router A:
erx3(config)# virtual-router vrA
erx3:vrA(config)#
Tunnel from Boston to Ottawa on virtual router A:
erx3:vrA(config)# interface tunnel ipsec:Aboston2ottawa transport-virtual-router
default
erx3:vrA(config-if)# tunnel transform-set customerAprotection
erx3:vrA(config-if)# tunnel local-identity subnet 10.3.0.0 255.255.0.0
erx3:vrA(config-if)# tunnel peer-identity subnet 10.1.0.0 255.255.0.0
erx3:vrA(config-if)# tunnel source 5.3.0.1
erx3:vrA(config-if)# tunnel destination 5.1.0.1
erx3:vrA(config-if)# ip address 10.1.0.0 255.255.0.0
erx3:vrA(config-if)# exit
Tunnel from Boston to Boca on virtual router A:
erx3:vrA(config)# interface tunnel ipsec:Aboston2boca transport-virtual-router
default
erx3:vrA(config-if)# tunnel transform-set customerAprotection
erx3:vrA(config-if)# tunnel local-identity subnet 10.3.0.0 255.255.0.0
erx3:vrA(config-if)# tunnel peer-identity subnet 10.2.0.0 255.255.0.0
erx3:vrA(config-if)# tunnel source 5.3.0.1
erx3:vrA(config-if)# tunnel destination 5.2.0.1
erx3:vrA(config-if)# ip address 10.1.0.0 255.255.0.0
erx3:vrA(config-if)# exit
Virtual router B:
159 Copyright © 2010, Juniper Networks, Inc.
Chapter 5: Configuring IPSec