SRX Services Gateway
SRX Services Gateway

St0 interface stays up

[ Edited ]
‎07-19-2016 01:57 PM

Hi,

 

i have an ipsec tunnel between a srx and end device using route based vpn. I am using ebgp to advertise this end device IP address to the rest of the network. So what i want to achieve is to create a routing policy to export exact static routes to the bgp neighbour, this now the static route via the tunnel. Problem  i am facing is when the ipsec  tunnel  is down the  st0 interface stays up, therefore the static route stays active and the routes keeps on being advertised via bgp. Can anyone explain this behaviour and what is a possible solution.

 

thanks

1 REPLY 1
SRX Services Gateway

Re: St0 interface stays up

‎07-19-2016 03:58 PM

The tunnel interface is a virtual interface that stays up at all times.  You can configure VPN monitor to detect when the VPN is down and bring down the tunnel interface while the VPN is not active.  This will then remove the static route from the active table.

 

https://kb.juniper.net/InfoCenter/index?page=content&id=KB10119

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home