IPsec Tunnel Traffic Configuration Overview
Traffic configuration defines the traffic that must flow through the IPsec tunnel. You configure outbound and inbound firewall filters, which identify and direct traffic to be encrypted and confirm that decrypted traffic parameters match those defined for the given tunnel. The outbound filter is applied to the LAN or WAN interface for the incoming traffic from that LAN or WAN that you want to encrypt. The inbound filter is applied to the ES PIC to check the policy for traffic coming in from the remote host. Because of the complexity of configuring a router to forward packets, no automatic checking is done to ensure that the configuration is correct. Make sure that you configure the router very carefully.
Note: The valid firewall filter statements for IPsec are destination-port, source-port, protocol, destination-address, and source-address.
In Figure 1, Gateway A protects the network 10.1.1.0/24, and Gateway B protects the network 10.2.2.0/24. The gateways are connected by an IPsec tunnel.
Figure 1: Example: IPsec Tunnel Connecting Security Gateways
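
Because the router does not check the filters for you, the selectors can be cross-checked offline before they are committed. The following is an added example, not Juniper code: it models each filter term as a Python dictionary (an assumption, not a Junos parser) and assumes that each inbound filter should mirror the matching outbound selectors for the Figure 1 networks.

```python
from ipaddress import ip_network

# The five match statements the page lists as valid in IPsec firewall filters.
VALID = {"source-address", "destination-address",
         "source-port", "destination-port", "protocol"}
SWAP = {"source-address": "destination-address",
        "destination-address": "source-address",
        "source-port": "destination-port",
        "destination-port": "source-port"}

def validate(name, term):
    """Return a list of problems found in one filter term."""
    problems = [f"{name}: unsupported match statement '{k}'"
                for k in term if k not in VALID]
    for key in ("source-address", "destination-address"):
        if key in term:
            try:
                ip_network(term[key])  # strict parse: rejects set host bits
            except ValueError as exc:
                problems.append(f"{name}: {key}: {exc}")
    return problems

def mirror(term):
    """Selectors for the reverse direction: source and destination swapped."""
    return {SWAP.get(k, k): v for k, v in term.items()}

def canon(term):
    """Parse prefixes so that equal networks compare equal."""
    return {k: ip_network(v) if k.endswith("-address") else str(v)
            for k, v in term.items()}

def check_tunnel(a_out, a_in, b_out, b_in):
    """Cross-check both gateways' filters; an empty list means consistent."""
    terms = {"A outbound": a_out, "A inbound": a_in,
             "B outbound": b_out, "B inbound": b_in}
    problems = [p for n, t in terms.items() for p in validate(n, t)]
    if problems:
        return problems
    want = canon(a_out)  # what Gateway A encrypts toward Gateway B
    if canon(mirror(a_in)) != want:
        problems.append("A inbound is not the reverse of A outbound")
    if canon(mirror(b_out)) != want:
        problems.append("B outbound is not the reverse of A outbound")
    if canon(b_in) != want:
        problems.append("B inbound does not match what A encrypts")
    return problems

# Constructed sample terms using the networks from Figure 1.
A_OUT = {"source-address": "10.1.1.0/24", "destination-address": "10.2.2.0/24"}
A_IN = {"source-address": "10.2.2.0/24", "destination-address": "10.1.1.0/24"}
B_OUT, B_IN = dict(A_IN), dict(A_OUT)
```

An empty list from `check_tunnel(A_OUT, A_IN, B_OUT, B_IN)` means the four terms agree; a widened or mistyped prefix on either gateway is reported by name.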

The SA and ES interfaces for Gateway A are configured as follows:
The SA and ES interfaces for Gateway B are configured as follows: