Um, this statement doesn't make sense:
cornz24@yahoo.com wrote:
The issue is that if the tunnel endpoint on a unit is not the juniper IP, the tunnel does not work. If the tunnel endpoint is the juniper IP it works.
What, exactly, are you trying to do?
Host A ---(1)--> Juniper --(2)--> Linux server --(3)--> Host B
1) Juniper as a GRE transport tunnel to Linux
In this case, the GRE configuration is on (2). For the Juniper side, the source would be a public IP on the Juniper and the dest would be a public IP on linux. Linux source/dest would be reversed. The actual addresses used in the unit configuration are simply /30-/31 point-to-point interfaces used for the routing hop. There is no GRE configuration on Host A or B, or links (1) or (3).
2) Juniper to simply pass GRE traffic
In this case, you are trying to create a GRE tunnel directly between Host A and host B. In this scenario, neither Juniper nor Linux would have any GRE configuration.
3) GRE tunnel to Juniper + GRE tunnel to Linux
From the descriptions, it sounds like you are trying to do something akin to this.
Host A -(GRE)-> Juniper -(GRE)-> Linux -> Host B
Not necessary. If it is for some strange reason, then two GRE interfaces are required: one for Host A - Juniper, the other for Juniper - Linux.
Host A: 10.0.0.10
Host B: 10.255.0.10
Juniper public: 1.1.1.1
Juniper GRE private: 192.168.0.1/30
Linux public: 130.130.130.130
Linux GRE private: 192.168.0.2/30
To get Host A and Host B communicating, you need the following:
1) GRE tunnel between Juniper and Linux.
Juniper tunnel source=1.1.1.1, tunnel dest=130.130.130.130
Linux tunnel source=130.130.130.130, tunnel dest=1.1.1.1
2) Addressing on the GRE interface:
Juniper - 192.168.0.1/30
Linux - 192.168.0.2/30
3) Routes on Juniper and Linux side
Juniper: route static 10.255.0.0/24 next-hop 192.168.0.2
Linux: route 10.0.0.0/24 next-hop 192.168.0.1 (not exact command)
* This assumes that Host A default routes to Juniper and Host B default routes to Linux.
4) Host A and Host B communicate
10.0.0.10 <==> 10.255.0.10
The last unknown is the filter specified on the GRE interface itself. I don't know whether or not the intent was that the filter would determine what should get tunneled. From your statement, it sounds like that is the case. In reality though, the filter is actually a packet filter on data that is already inside the GRE tunnel; it has nothing to do with what actually goes into the tunnel. What goes into the tunnel is determined by the routes in step 3.
Does that make sense?
-Chad
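
Added example, not part of the original message: the Linux side of steps 1 to 3 written as iproute2 commands, using the addresses given above. The interface name `gre1`, the `ttl 255` setting, the `APPLY` switch and the helper names are assumptions made for this sketch; by default the script only prints the commands.

```shell
#!/bin/sh
# Linux end of the Juniper <-> Linux GRE tunnel (added example).
# Addresses are the ones from the message; gre1 and APPLY are assumptions.

LOCAL_PUB=130.130.130.130   # Linux public IP  = tunnel source
REMOTE_PUB=1.1.1.1          # Juniper public IP = tunnel dest
INNER_LOCAL=192.168.0.2     # Linux GRE private address (/30)
INNER_PEER=192.168.0.1      # Juniper GRE private address (/30)
REMOTE_NET=10.0.0.0/24      # Host A's network, reached through the tunnel
TUN_IF=gre1

# Print the command; execute it only when APPLY=1 (requires root).
run() {
    echo "$*"
    if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# True when two IPv4 addresses fall in the same /30
# (same first three octets, same block of four in the last octet).
same_slash30() {
    [ "${1%.*}" = "${2%.*}" ] && [ $(( ${1##*.} / 4 )) -eq $(( ${2##*.} / 4 )) ]
}

linux_gre_setup() {
    # The point-to-point addresses must share one /30, otherwise the
    # next hop in the last command is not reachable over the tunnel.
    if ! same_slash30 "$INNER_LOCAL" "$INNER_PEER"; then
        echo "inner addresses are not in the same /30" >&2
        return 1
    fi
    # Step 1: tunnel endpoints are the public addresses.
    run ip tunnel add "$TUN_IF" mode gre local "$LOCAL_PUB" remote "$REMOTE_PUB" ttl 255 &&
    # Step 2: addressing on the GRE interface itself.
    run ip addr add "$INNER_LOCAL/30" dev "$TUN_IF" &&
    run ip link set "$TUN_IF" up &&
    # Step 3: this route, not any filter, decides what enters the tunnel.
    run ip route add "$REMOTE_NET" via "$INNER_PEER" dev "$TUN_IF"
}

linux_gre_setup
```

Run it with `APPLY=1` as root to apply the configuration; afterwards `ip route get 10.0.0.10` should show `dev gre1`.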