Configuring the Service Set for IPsec Dynamic Endpoint Tunnels
To complete a dynamic endpoint tunnel configuration,
you need to reference the IKE access profile configured at the [edit access] hierarchy level in the service set. To do this,
include the ike-access-profile statement at the [edit
services service-set name ipsec-vpn-options] hierarchy level:
[edit services] service-set name { next-hop-service { inside-service-interface interface-name; outside-service-interface interface-name; } ipsec-vpn-options { local-gateway address; ike-access-profile profile-name; } }
You can reference only one access profile in each service set. This profile is used to negotiate IKE and IPsec security associations with dynamic peers only.
Note:
If you configure an IKE access profile in a service set, no other service set can share the same local-gateway address.