Junos
Highlighted
Junos

leak routes ipsec tunnel to vrf

‎05-23-2020 03:22 AM

Hello

 

I need help in getting the tunnel to access routes in a particular vrf, essentially REMOTE SITE should be able to access VRF-A as shown below

 

                                                                                                 
+-------------------------+                                                                      
|      +-----------+      |                 +----------------+                                   
|      |   VRF-A   |      |                 |    INTERNET    |                +-----------------+
|      +-----------+      |                 |                |                |                 |
|                       +-------------------+----------------+----------------|    REMOTE SITE  |
|     JUNOS SRX/MX      |               IPSEC TUNNEL OVER INTERNET            |                 |
|                       +-------------------+----------------+----------------|                 |
|    +---------------+    |                 |                |                |                 |
|    |  OTHER VRFS   |    |                 |                |                +-----------------+
|    +---------------+    |                 +----------------+                                   
|-------------------------+                                                                      
                                                                                                 
                                                                                                 

 

Thanks

 

4 REPLIES 4
Highlighted
Junos

Re: leak routes ipsec tunnel to vrf

‎05-23-2020 05:21 AM

Hello,

 

You would be better off if You just create a separate IPSEC tunnel for each VRF, there are examples on this forum how to do it with unique proxy-ids on each side.

Otherwise You have to use MPLS-over-GRE-over-IPSec with selective packet mode and what-not as described here

https://www.juniper.net/documentation/en_US/release-independent/nce/topics/example/mpls-over-gre-wit...

 

HTH

Thx

Alex

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
Junos

Re: leak routes ipsec tunnel to vrf

‎05-24-2020 07:50 AM

Hello

 


@aarseniev wrote:

You would be better off if You just create a separate IPSEC tunnel for each VRF, there are examples on this forum how to do it with unique proxy-ids on each side.

 

Thanks for the advise, will review both methods, please assit to share a link that covers the above method, somehow was not successfull on searching thru this forum.

 

Thanks

Highlighted
Junos

Re: leak routes ipsec tunnel to vrf

[ Edited ]
‎05-24-2020 09:59 AM

Hello,

 

Of course.

Please check out this working solution

 

https://forums.juniper.net/t5/SRX-Services-Gateway/Cannot-get-multiple-IPsec-tunnels-working-on-SRX/...

 

HTH

Thx

Alex

 

 

_____________________________________________________________________

Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements

+++++++++++++++++++++++++++++++++++++++++++++

Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
Highlighted
Junos
Solution
Accepted by topic author basondolepaul
‎06-28-2020 11:03 AM

Re: leak routes ipsec tunnel to vrf

‎06-28-2020 11:02 AM

Anyone that may need reference please view the solution over at https://forums.juniper.net/t5/Junos/VRF-Aware-IPSec-VPN-on-Junos-possible/td-p/478752

Feedback