Hi all,

Here is an IPsec VPN configuration example. Does the command "set interface ipsec spd GigabitEthernet0/8/0 1" mean that all traffic coming through this interface will be processed by IPsec? How could I protect only some specific traffic and leave the other traffic to the normal forwarding procedure?







set int ip address GigabitEthernet0/8/0 192.168.100.3/24
set int state GigabitEthernet0/8/0 up
set ip arp GigabitEthernet0/8/0 192.168.100.2 08:00:27:12:3c:cc
ipsec sa add 10 spi 1001 esp crypto-alg aes-cbc-128 crypto-key 
4a506a794f574265564551694d653768 integ-alg sha1-96 integ-key 
4339314b55523947594d6d3547666b45764e6a58
ipsec sa add 20 spi 1000 esp crypto-alg aes-cbc-128 crypto-key 
4a506a794f574265564551694d653768 integ-alg sha1-96 integ-key 
4339314b55523947594d6d3547666b45764e6a58
ipsec spd add 1
set interface ipsec spd GigabitEthernet0/8/0 1
ipsec policy add spd 1 priority 100 inbound action bypass protocol 50
ipsec policy add spd 1 priority 100 outbound action bypass protocol 50
ipsec policy add spd 1 priority 10 inbound action protect sa 20 local-ip-range 
192.168.100.3 - 192.168.100.3 remote-ip-range 192.168.100.2 - 192.168.100.2
ipsec policy add spd 1 priority 10 outbound action protect sa 10 local-ip-range 
192.168.100.3 - 192.168.100.3 remote-ip-range 192.168.100.2 - 192.168.100.2
