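The following is an example configuration for a secured interface. In this example, an SI tunnel "t1" is configured under interface "toPeer-1" in the Base routing instance, along with exception filter 100, which allows OSPF packets to bypass IPsec processing (that is, packets matching the filter are sent and received on the interface in cleartext rather than through the tunnel):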
config>filter# info
----------------------------------------------
# IP exception filter 100: traffic matching an entry is exempted from IPsec
# processing on the interface where the filter is applied ("toPeer-1" in this
# example, via its "ip-exception 100" line).
# NOTE(review): exempted OSPF packets get no protection from the tunnel; confirm
# that OSPF authentication is enabled on that interface (not shown in this listing).
ip-exception 100 create
# Entry 10 matches on protocol only (OSPF). No source or destination address
# restricts it, so any OSPF packet on that interface is exempted; consider
# narrowing the match to the expected neighbor if the platform allows it.
entry 10 create
match protocol ospf-igp
exit
exit
exit
----------------------------------------------
config>router# info
----------------------------------------------
#--------------------------------------------------
echo "IPsec Configuration"
#--------------------------------------------------
# IPsec context of the router instance.
ipsec
# Security policy 1; tunnel "t1" selects it with its "security-policy 1" line.
security-policy 1 create
# Entry 1 pairs one local host (/32) with one remote host (/32); presumably this
# defines the traffic the tunnel protects - confirm against the platform reference.
entry 1 create
local-ip 100.0.0.20/32
remote-ip 200.1.1.254/32
exit
exit
exit
#--------------------------------------------------
echo "IP Configuration"
#--------------------------------------------------
interface "toPeer-1"
address 192.168.110.20/24
port 1/1/3
ipsec tunnel-group 1 public-sap 300
ip-exception 100
ipsec-tunnel "t1" private-sap 300 create
local-gateway-address 192.168.110.20
remote-gateway-address 172.16.21.1
security-policy 1
dynamic-keying
ike-policy 3
pre-shared-key "KrbVPnF6Dg13PM/biw6ErD9+g6HZ" hash2
transform 2
exit