SRX Services Gateway
SRX Services Gateway

SRX OSPF over IPSec Tunnel

‎03-24-2014 01:08 PM

 

Hi Experts,

 

 

we are tring to connect two ABR routers (R1 and R2) thru ipsec tunnel on SRX devices in area 0 . The issue we are seeing is ospf adjanceny is a point to point. We would like it to have DR and BDR relation between the SRX so that if one goes down the other one will take over the backbone as a DR router.

 

any advie is well appreciated.

 

 

OSPF-topo.PNG

 

Thank you,

3 REPLIES 3
SRX Services Gateway
Solution
Accepted by topic author bc456
‎08-26-2015 01:27 AM

Re: SRX OSPF over IPSec Tunnel

‎03-24-2014 11:24 PM

Hello,

Below configuration will help you to accomplish the requirement.


First SRX
=========
set protocols ospf area 0.0.0.0 interface st0.0 interface-type nbma
set protocols ospf area 0.0.0.0 interface st0.0 neighbor 1.1.1.3
set interfaces st0 unit 0 multipoint
set interfaces st0 unit 0 family inet mtu 1500
set interfaces st0 unit 0 family inet address 1.1.1.5/24


Second SRX
==========
set protocols ospf area 0.0.0.0 interface st0.0 interface-type nbma
set protocols ospf area 0.0.0.0 interface st0.0 neighbor 1.1.1.5
set interfaces st0 unit 0 multipoint
set interfaces st0 unit 0 family inet mtu 1500
set interfaces st0 unit 0 family inet address 1.1.1.3/24


-CK
Please mark My solution accepted if it helped you , your kudos are much appreciated ...

SRX Services Gateway

Re: SRX OSPF over IPSec Tunnel

‎03-26-2014 09:42 AM

 

 

Thank you, The config you gave work.

 

basically, what we are trying to do is extending the backbone area 0 and connect all the remote sites to SRX-R1 and SRX-R2 so that if SRX-R1 goes down, SRX-R2 should be able to take over.

 

However, if SRX-R1 and R2 both are operational, we want all the traffic go thru R1 to reach R2.

 

when we increase the cost on the link between R2 and R3, traffic behind R3 take the link between R1 and R2 but when it comes back it's taking the link between R2 and R3 becasue it's intra route is prefered over inter route and creating an asymetrix route.

 

do you know any way to solve this issue?

 

 

 

 

 

 

 

 

 

 

Thank you,

 

 

 

SRX Services Gateway

Re: SRX OSPF over IPSec Tunnel

‎03-26-2014 09:43 AM

ospf-topo1.PNG