Aşağıdaki gibi yapılabilir.
set services ipsec-vpn ike policy POLICY1 proposals ike_standard set services ipsec-vpn ike policy POLICY1 pre-shared-key ascii-text xxxxxxxxx set interfaces sp-1/2/0 unit 814 description " XXX Inside to YYY-RTR-1" set interfaces sp-1/2/0 unit 814 family inet address 192.168.X.X/30 set interfaces sp-1/2/0 unit 814 family inet mtu 1400 set interfaces sp-1/2/0 unit 814 service-domain inside set interfaces sp-1/2/0 unit 815 description "XXX Outside from XXX-RTR-1" set interfaces sp-1/2/0 unit 815 family inet set interfaces sp-1/2/0 unit 815 service-domain outside set services service-set to-XXX-RTR-1 next-hop-service inside-service-interface sp-1/2/0.814 set services service-set to-XXX-RTR-1 next-hop-service outside-service-interface sp-1/2/0.815 set services service-set to-XXX-RTR-1 ipsec-vpn-options local-gateway 69.2.X.X set services service-set to-XXX-RTR-1 ipsec-vpn-rules to-XXX-RTR-1 set services ipsec-vpn rule to-XXX-RTR-1 term 1 then remote-gateway 59.18.X.X set services ipsec-vpn rule to-XXX-RTR-1 term 1 then dynamic ike-policy XXX_policy set services ipsec-vpn rule to-XXX-RTR-1 term 1 then dynamic ipsec-policy ipsec_standard set services ipsec-vpn rule to-XXX-RTR-1 match-direction input set interfaces lo0 unit 1158 description "XXX Loopback" set interfaces lo0 unit 1158 family inet address 69.2.X.X/32 set policy-options community XXX members target:1158:1 set policy-options policy-statement XXX_IN term MGMT from community MGMT set policy-options policy-statement XXX_IN term MGMT then accept set policy-options policy-statement XXX_IN term MINE from community XXX set policy-options policy-statement XXX_IN term MINE then accept set policy-options policy-statement XXX_OUT term MGMT from prefix-list XXX_MGMT set policy-options policy-statement XXX_OUT term MGMT then community set MGMT_IN set policy-options policy-statement XXX_OUT term MGMT then community add XXX set policy-options policy-statement XXX_OUT term MGMT then accept set policy-options policy-statement XXX_OUT term ACCEPT then community set XXX set policy-options policy-statement XXX_OUT term ACCEPT then accept set policy-options prefix-list XXX_MGMT 74.8.X.X/32 set routing-instances XXX-V1 instance-type vrf set routing-instances XXX-V1 interface lo0.1158 set routing-instances XXX-V1 interface sp-1/2/0.814 set routing-instances XXX-V1 route-distinguisher 69.2.X.X:1158 set routing-instances XXX-V1 vrf-import XXX_IN set routing-instances XXX-V1 vrf-export XXX_OUT set routing-instances XXX-V1 vrf-target target:1158:1 set routing-instances XXX-V1 routing-options router-id 69.2.X.X set routing-instances XXX-V1 routing-options static route 74.8.X.X/32 next-hop sp-1/2/0.814 ///Customer loopback set routing-instances XXX-V1 routing-options static route 10.103.1.0/24 next-hop sp-1/2/0.814 ///customer LAn