Junos
Highlighted
Junos

leak routes ipsec tunnel to vrf

a week ago

Hello

 

I need help in getting the tunnel to access routes in a particular vrf, essentially REMOTE SITE should be able to access VRF-A as shown below

 

                                                                                                 
+-------------------------+                                                                      
|      +-----------+      |                 +----------------+                                   
|      |   VRF-A   |      |                 |    INTERNET    |                +-----------------+
|      +-----------+      |                 |                |                |                 |
|                       +-------------------+----------------+----------------|    REMOTE SITE  |
|     JUNOS SRX/MX      |               IPSEC TUNNEL OVER INTERNET            |                 |
|                       +-------------------+----------------+----------------|                 |
|    +---------------+    |                 |                |                |                 |
|    |  OTHER VRFS   |    |                 |                |                +-----------------+
|    +---------------+    |                 +----------------+                                   
|-------------------------+                                                                      
                                                                                                 
                                                                                                 

 

Thanks

 

3 REPLIES 3
Highlighted
Junos

Re: leak routes ipsec tunnel to vrf

a week ago

Hello,

 

You would be better off if You just create a separate IPSEC tunnel for each VRF, there are examples on this forum how to do it with unique proxy-ids on each side.

Otherwise You have to use MPLS-over-GRE-over-IPSec with selective packet mode and what-not as described here

https://www.juniper.net/documentation/en_US/release-independent/nce/topics/example/mpls-over-gre-wit...

 

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
Junos

Re: leak routes ipsec tunnel to vrf

a week ago

Hello

 


@aarseniev wrote:

You would be better off if You just create a separate IPSEC tunnel for each VRF, there are examples on this forum how to do it with unique proxy-ids on each side.

 

Thanks for the advise, will review both methods, please assit to share a link that covers the above method, somehow was not successfull on searching thru this forum.

 

Thanks

Highlighted
Junos

Re: leak routes ipsec tunnel to vrf

[ Edited ]
a week ago

Hello,

 

Of course.

Please check out this working solution

 

https://forums.juniper.net/t5/SRX-Services-Gateway/Cannot-get-multiple-IPsec-tunnels-working-on-SRX/...

 

HTH

Thx

Alex

 

 

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !