ScreenOS Firewalls (NOT SRX)
Blogs
Discussion Forums
Programs & Events
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Reply
Topic Options
Trusted Contributor
michael.saw
Posts: 826
Registered: ‎09-26-2011
0

IPSec over GRE?

Options

‎02-29-2012 07:35 AM

Hi all,

 

Can Juniper Firewall support IPSec over GRE?

Are there kb links on this?

 

Couldn't find much information here...

Thanks!

Michael
JNCIA-JUNOS, JNCIS-ENT, JNCIS-SEC
(CCNA, ACMP, ACFE, CISE)
"http://www.thechampioncommunity.com/"
CONNECT EVERYTHING. EMPOWER EVERYONE.
Share & Learn. Knowledge is Power.

"If there's a will, there's a way!"
Message 1 of 5 (296 Views)
 
Reply
Distinguished Expert
Distinguished Expert
echidov
Posts: 833
Registered: ‎11-02-2009
0

Re: IPSec over GRE?

Options

‎03-01-2012 01:26 AM

Hi,

 

KB3256 How to configure a GRE tunnel over IPSEC between Juniper Firewall devices

KB6126 Can a GRE tunnel be established between a Juniper Firewall and a Cisco Router?

Kind regards,
Edouard
Message 2 of 5 (287 Views)
 
Reply
Trusted Contributor
michael.saw
Posts: 826
Registered: ‎09-26-2011
0

Re: IPSec over GRE?

Options

‎03-04-2012 07:48 PM

Hi echidov,

Thanks for that.
How about IPSec over GRE?
Thanks!

Michael
JNCIA-JUNOS, JNCIS-ENT, JNCIS-SEC
(CCNA, ACMP, ACFE, CISE)
"http://www.thechampioncommunity.com/"
CONNECT EVERYTHING. EMPOWER EVERYONE.
Share & Learn. Knowledge is Power.

"If there's a will, there's a way!"
Message 3 of 5 (266 Views)
 
Reply
Distinguished Expert
Distinguished Expert
echidov
Posts: 833
Registered: ‎11-02-2009
0

Re: IPSec over GRE?

Options

‎03-05-2012 12:32 AM

Hi,

 

I have never tried this but it should be possible. You can configure a GRE tunnel as described in the KB but without IPSec. As there are no VPN SAs the tunnel interface will not come up. But routing through the tunnel interface may be forced if the routes are configured as permanent. The IPs of the VPN endpoints should be routed across the GRE tunnel.

As I suppose you want to terminate the VPN IPSec on a third party device(s). If both devices are SSGs this does not make sense to use IPSec over GRE.

Kind regards,
Edouard
Message 4 of 5 (262 Views)
 
Reply
Trusted Contributor
michael.saw
Posts: 826
Registered: ‎09-26-2011
0

Re: IPSec over GRE?

Options

‎03-06-2012 02:47 AM

Hi echidov,

Thanks for sharing.

Anyone have any links to share on this?
Thanks!

Michael
JNCIA-JUNOS, JNCIS-ENT, JNCIS-SEC
(CCNA, ACMP, ACFE, CISE)
"http://www.thechampioncommunity.com/"
CONNECT EVERYTHING. EMPOWER EVERYONE.
Share & Learn. Knowledge is Power.

"If there's a will, there's a way!"
Message 5 of 5 (251 Views)
 
Reply
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.