Stefan:
Sorry, I was specfically referring to dynamic endpoint configurations,
where you reference an isakmp access profile in the config. There is a
restriction that if you do this (which is required to support dynamic
endpoints), then you can not re-use the local gateway in another
service-set.
see note in:
http://www.juniper.net/techpubs/software/junos/junos91/swconfig-services/configuring-the-service-set.html
Stefan Fouant wrote:
What version of code are you running?
I am currently running JUNOS 8.2R4.5 in my network and I am using the
same local-gateway in multiple service-sets:
service-set a-b{
next-hop-service {
inside-service-interface sp-2/2/0.5;
outside-service-interface sp-2/2/0.6;
}
ipsec-vpn-options {
local-gateway x.x.x.22;
}
ipsec-vpn-rules a-b;
}
service-set a-c {
next-hop-service {
inside-service-interface sp-2/2/0.7;
outside-service-interface sp-2/2/0.8;
}
ipsec-vpn-options {
local-gateway x.x.x.22;
}
ipsec-vpn-rules a-c;
}
service-set a-d {
next-hop-service {
inside-service-interface sp-2/2/0.9;
outside-service-interface sp-2/2/0.10;
}
ipsec-vpn-options {
local-gateway x.x.x.22;
}
ipsec-vpn-rules a-d;
}
Doesn't seem to be a problem for me.
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp