SRX Services Gateway
SRX Services Gateway

OSPF over mGRE over IPSec

‎10-29-2017 01:44 AM

Hi members,

My customers is running OSPF over mGRE over IPSec, all devices are Cisco products with topo hub and spokes.  Hub is running mGRE and NHRP (Next Hop Resolution Protocol) so GRE source on Hub just 01 address. I need change Hub with another device of Juniper (SRX1500), but i cant find any protocol on Juniper similar to run mGRE over IPSec. 

Pls help me!


SRX Services Gateway

Re: OSPF over mGRE over IPSec

‎10-29-2017 03:23 AM


Short answer - mGRE with NHRP is not supported in JUNOS.

Long answer - the closest JUNOS feature is called "dynamic tunnels" - BUT

1/ it is not supported on SRX series

2/ tunnels are established upon receiving a valid VPN route from distant tunnel endpoint 

When a router receives a VPN route that resolves over a BGP next hop that does not have an MPLS path, 
a GRE tunnel can be created dynamically

This could be a L3 VPN route or L2 VPN route.

If I were You, I'd look into another JUNOS feature that is supported on SRX and does not involve GRE - it is called AutoVPN

It supports OSPF without GRE and AFAIK, it supports CSCO spoke endpoints.






Please ask Your Juniper account team about Juniper Professional Services offerings.
Juniper PS can design, test & build the network/part of the network as per Your requirements


Accept as Solution = cool !
Accept as Solution+Kudo = You are a Star !
SRX Services Gateway

Re: OSPF over mGRE over IPSec

‎10-29-2017 11:17 PM

Tks Alex for your cmt.

I think i will try with OSPF over IPSec, on site Juniper use st0.0 and site Cisco use VTI (Virtual Tunnel interface). Have you any advice for your idea?