Junos OS

last person joined: 12 hours ago 

Ask questions and share experiences about Junos OS.

  • 1.  leak routes ipsec tunnel to vrf

    Posted 05-23-2020 03:22

    Hello

     

    I need help in getting the tunnel to access routes in a particular vrf, essentially REMOTE SITE should be able to access VRF-A as shown below

     

                                                                                                     
+-------------------------+                                                                      
|      +-----------+      |                 +----------------+                                   
|      |   VRF-A   |      |                 |    INTERNET    |                +-----------------+
|      +-----------+      |                 |                |                |                 |
|                       +-------------------+----------------+----------------|    REMOTE SITE  |
|     JUNOS SRX/MX      |               IPSEC TUNNEL OVER INTERNET            |                 |
|                       +-------------------+----------------+----------------|                 |
|    +---------------+    |                 |                |                |                 |
|    |  OTHER VRFS   |    |                 |                |                +-----------------+
|    +---------------+    |                 +----------------+                                   
|-------------------------+

     

    Thanks

     



  • 2.  RE: leak routes ipsec tunnel to vrf

    Posted 05-23-2020 05:21

    Hello,

     

    You would be better off if You just create a separate IPSEC tunnel for each VRF, there are examples on this forum how to do it with unique proxy-ids on each side.

    Otherwise You have to use MPLS-over-GRE-over-IPSec with selective packet mode and what-not as described here

    https://www.juniper.net/documentation/en_US/release-independent/nce/topics/example/mpls-over-gre-with-ipsec-fragmentation-and-reassembly-configuring.html

     

    HTH

    Thx

    Alex



  • 3.  RE: leak routes ipsec tunnel to vrf

    Posted 05-24-2020 07:50

    Hello

     

    @aarseniev wrote:

    You would be better off if You just create a separate IPSEC tunnel for each VRF, there are examples on this forum how to do it with unique proxy-ids on each side.

     

    Thanks for the advise, will review both methods, please assit to share a link that covers the above method, somehow was not successfull on searching thru this forum.

     

    Thanks



  • 4.  RE: leak routes ipsec tunnel to vrf

    Posted 05-24-2020 09:59

    Hello,

     

    Of course.

    Please check out this working solution

     

    https://forums.juniper.net/t5/SRX-Services-Gateway/Cannot-get-multiple-IPsec-tunnels-working-on-SRX/m-p/109680/highlight/true#M13768

     

    HTH

    Thx

    Alex

     

     



  • 5.  RE: leak routes ipsec tunnel to vrf
    Best Answer

    Posted 06-28-2020 11:03

    Anyone that may need reference please view the solution over at https://forums.juniper.net/t5/Junos/VRF-Aware-IPSec-VPN-on-Junos-possible/td-p/478752