Option: Configuring Multiple Routed Tunnels in a Single Next-Hop Service Set
To save you time and simplify your configurations, an enhancement to the Junos OS enables you to configure several routed IPSec tunnels within a single next-hop service set. To configure this, first establish multiple services interfaces as inside interfaces by including the service-domain inside statement at the [edit interfaces sp-fpc/pic/port unit logical-unit-number] hierarchy level. Then include the ipsec-inside-interface statement at the [edit services ipsec-vpn rule rule-name term term-name from] hierarchy level.
Note: The full IPSec and IKE proposals and policies are not shown in the following example for the sake of brevity. For more information on proposals and policies, see Configuring IKE Dynamic SAs.
To confirm that your configuration is working, issue the show services ipsec-vpn ipsec security-associations command. Notice that each IPSec inside interface that you assigned to each IPSec tunnel is included in the output of this command.
user@router> show services ipsec-vpn ipsec security-associations
Service set: link_type_ss_1

  Rule: link_rule_1, Term: 1, Tunnel index: 1
  Local gateway: 10.8.7.2, Remote gateway: 10.8.7.1
  IPSec inside interface: sp-3/3/0.3
    Direction SPI         AUX-SPI Mode       Type     Protocol
    inbound   3216392497  0       tunnel     dynamic  ESP
    outbound  398917249   0       tunnel     dynamic  ESP

  Rule: link_rule_1, Term: 2, Tunnel index: 2
  Local gateway: 10.8.7.2, Remote gateway: 10.12.7.5
  IPSec inside interface: sp-3/3/0.5
    Direction SPI         AUX-SPI Mode       Type     Protocol
    inbound   762146783   0       tunnel     dynamic  ESP
    outbound  319191515   0       tunnel     dynamic  ESP
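One way to automate this check, as an added example that is not Juniper's code: the parser below reads the command output, and the audit compares it against the inside interface you assigned to each rule term and confirms that both an inbound and an outbound SA exist. The function names and the EXPECTED mapping are assumptions for illustration; the sample is the output above with line breaks restored.

```python
import re
# Constructed sample: the output shown above, with line breaks restored.
SAMPLE = """\
Service set: link_type_ss_1
Rule: link_rule_1, Term: 1, Tunnel index: 1
Local gateway: 10.8.7.2, Remote gateway: 10.8.7.1
IPSec inside interface: sp-3/3/0.3
  Direction SPI        AUX-SPI Mode   Type    Protocol
  inbound   3216392497 0       tunnel dynamic ESP
  outbound  398917249  0       tunnel dynamic ESP
Rule: link_rule_1, Term: 2, Tunnel index: 2
Local gateway: 10.8.7.2, Remote gateway: 10.12.7.5
IPSec inside interface: sp-3/3/0.5
  Direction SPI        AUX-SPI Mode   Type    Protocol
  inbound   762146783  0       tunnel dynamic ESP
  outbound  319191515  0       tunnel dynamic ESP
"""

TUNNEL_RE = re.compile(
    r"Rule:\s*(?P<rule>[^,\s]+),\s*Term:\s*(?P<term>[^,\s]+),\s*Tunnel index:\s*\d+"
    r"\s+Local gateway:\s*[^,\s]+,\s*Remote gateway:\s*(?P<remote>\S+)"
    r"(?:\s+IPSec inside interface:\s*(?P<inside>\S+))?")
SA_RE = re.compile(r"\b(inbound|outbound)\s+(\d+)")

def parse_tunnels(text):
    """One dict per Rule/Term block; whitespace-tolerant, so flattened pastes work."""
    tunnels = []
    for block in re.split(r"(?=Rule:)", text):
        m = TUNNEL_RE.match(block)
        if m:
            sas = {direction: int(spi) for direction, spi in SA_RE.findall(block)}
            tunnels.append(dict(m.groupdict(), sas=sas))
    return tunnels

def audit(tunnels, expected):
    """expected: (rule, term) -> inside interface assigned in the configuration."""
    findings = []
    seen = {(t["rule"], t["term"]): t for t in tunnels}
    for (rule, term), iface in expected.items():
        t = seen.get((rule, term), {"inside": None, "sas": {}})  # absent tunnel fails every check
        if t["inside"] != iface:
            findings.append(f"{rule} term {term}: inside interface {t['inside']}, expected {iface}")
        for direction in ("inbound", "outbound"):
            if direction not in t["sas"]:
                findings.append(f"{rule} term {term}: no {direction} SA")
    return findings

EXPECTED = {("link_rule_1", "1"): "sp-3/3/0.3", ("link_rule_1", "2"): "sp-3/3/0.5"}
print(audit(parse_tunnels(SAMPLE), EXPECTED) or "every tunnel matches")
```

A term that is missing from the output, or that has an SA in only one direction, appears as a finding.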