Currently building a lab and decided to connect my SRX that was collecting dust. Currently we have a bunch of routers connected to each other over the public internet using IPSEC links with GRE running on top and doing routing via BGP.
I currently have the SRX linked in using GRE and BGP, but would like to IPSEC the link as well. I have looked at the KB article for doing IPSEC+GRE, but was curious if there was anything special that needed to be done since it would need to be route based and I am using BGP.
Are there any examples already out there that demonstrate this kind of deployment/setup?
as mentioned in the KB, the important thing that you need to take care of is st0 interface ip . Currently SRX does not support dynamic routing protocols to run over unnumbered st0 interface since there is no deterministic way to pick the right IP address for the unnumbered interface.
Rest all configuration should be as usual.
Best regards Pradeep (JNCIP-SEC,ENT,SP) www.networker.co.in