Next, the IPsec tunnel needs endpoints, defined using the following commands
Defines the IP address used by TNSR for this IPsec tunnel. This address must exist on a TNSR interface.
Defines the IP address or fully qualified hostname of the remote peer.
When using a hostname, TNSR must be able to resolve it using DNS in the
dataplanenamespace when the tunnel is configured. See System DNS Resolution Behavior for information on configuring DNS resolution in namespaces.
Additionally, the strongSwan daemon will resolve the hostname each time an IPsec connection lookup is performed.
IPsec Endpoint Example¶
tnsr(config-ipsec-tun)# local-address 203.0.113.2 tnsr(config-ipsec-tun)# remote-address 203.0.113.25