SRX Services Gateway
Highlighted
SRX Services Gateway

Junos Equivalent of Front Door VRF

Tuesday

Hi Everyone,

 

In past, when I used Cisco routers, I configured tunnels with a front door VRF. As far as I'm aware, this is Cisco terminology.

 

Now I need to create a site-to-site VPN using an SRX at both ends. Is there a Junos equivalent of the front-door VRF?

 

 

Thanks

 

4 REPLIES 4
Highlighted
SRX Services Gateway

Re: Junos Equivalent of Front Door VRF

Tuesday

Hello Luke,

 

The Junos equivalent of Cisco's VRF is Routing Instances. Please check the following document for configuring the VPN in SRX in Routing Instance - https://www.juniper.net/documentation/en_US/junos/topics/topic-map/security-secure-tunnel-interface-...



Thanks,
π00bm@$t€®.
Please, Mark My Solution Accepted if it Helped, Kudos are Appreciated too!!!
Highlighted
SRX Services Gateway

Re: Junos Equivalent of Front Door VRF

Tuesday

Thanks for your reply, but I'm not asking about VRF-Lite.

I want to know if Juniper has an equivalent of a Front-Door VRF.

 

This is where a specific VRF (or routing-instance) is used as the underlay, and another VRF is the overlay.

For example, VRF-1 is the underlay, and has a default route over the internet. This VRF is used for building the tunnel, and establishing the IPSec SA's.

VRF-2 (of the global VRF) is the overlay. The tunnel interface is in this VRF. This VRF has a default route that pushes traffic over the tunnel.

 

Does Juniper have this?

Highlighted
SRX Services Gateway
Solution
Accepted by topic author Luke Robertson
Wednesday

Re: Junos Equivalent of Front Door VRF

Wednesday

With SRX you can have your IKE gateway address placed in one routing-instance (or global inet.0) and then terminate the decapsulated traffic into a different routing-instance... so from your description, I would say "yes" 🙂

 

You will just use route-based VPN with SRX gateways and then bind eg. st0.1 interface to routing-instance X and st0.2 to routing-instance Y.


--
Best regards,

Jonas Hauge Klingenberg
Juniper Ambassador & Technology Architect, SEC DATACOM A/S (Denmark)
Highlighted
SRX Services Gateway

Re: Junos Equivalent of Front Door VRF

Wednesday

That sounds like what I'm looking for, thanks!

 

I think I will need to lab this first... Off to jLabs I go!

Feedback