- rule rule-name {
- match-direction (input | output);
-
- term term-name {
-
- from {
- destination-address address;
- ipsec-inside-interface interface-name;
- source-address address;
- }
-
- then {
- backup-remote-gateway address;
- clear-dont-fragment-bit;
-
- dynamic {
- ike-policy policy-name;
- ipsec-policy policy-name;
- }
- initiate-dead-peer-detection;
-
- manual {
-
- direction (inbound | outbound |
bidirectional) {
-
- authentication {
- algorithm (hmac-md5-96 | hmac-sha1-96);
- key (ascii-text key | hexadecimal key);
- }
- auxiliary-spi spi-value;
-
- encryption {
- algorithm algorithm;
- key (ascii-text key | hexadecimal key);
- }
- protocol (ah | bundle | esp);
- spi spi-value;
- }
- }
- no-anti-replay;
- remote-gateway address;
- syslog;
- tunnel-mtu bytes;
- }
- }
- }
Statement introduced before JUNOS Release 7.4.
Specify the rule the router uses when applying this service.
rule-name—Identifier for the collection of terms that comprise this rule.
The remaining statements are explained separately.
See Configuring Match Direction for IPsec Rules.
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.