[j-nsp] ES PIC required for BGP-over-IPSEC?
Daniel Roesen
dr at cluenet.de
Fri Apr 16 15:20:38 EDT 2004
On Fri, Apr 16, 2004 at 12:04:14PM -0700, harry wrote:
> The following config commits for me; I suggest you add a mode transport, as
> the docs indicate tunnel mode is the default, and tunnel mode requires ES
> PIC. BGP from the RE should be in transport mode.
And this is well hidden in the description of "Tunnel mode". See my
other posting. :-)
> I noticed that when I pasted in your security config, I got a
> commit error before I even applied it to BGP. Something about
> the key not being the right size.
Sure... "..." was of course not the actual key used. Just wanted
to keep line length short.
> I would add the transport mode, however:
>
> [edit]
> lab at Sydney# show security
> ipsec {
>     security-association ibgp {
>         mode transport; <<<<<<<<<<<<<
>         manual {
>             direction bidirectional {
>                 protocol bundle;
This won't commit. transport mode is only supported with AH _or_
ESP, but not AH+ESP.
Best regards,
Daniel
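
Added example, not part of the original thread: a manual SA combining the two points made above (transport mode, and ESP alone rather than `protocol bundle`), referenced from an iBGP group. The SPI, algorithms, group name, neighbor address and key placeholders are assumptions chosen for illustration.

```junos
security {
    ipsec {
        security-association ibgp {
            /* Tunnel mode is the default and needs an ES PIC; RE-sourced BGP uses transport. */
            mode transport;
            manual {
                direction bidirectional {
                    /* AH or ESP only; "bundle" (AH+ESP) is what fails to commit here. */
                    protocol esp;
                    spi 256;                                    /* assumed value */
                    authentication {
                        algorithm hmac-sha1-96;                 /* assumed choice */
                        key ascii-text "<AUTH-KEY-PLACEHOLDER>";
                    }
                    encryption {
                        algorithm 3des-cbc;                     /* assumed choice */
                        key ascii-text "<ENCR-KEY-PLACEHOLDER>";
                    }
                }
            }
        }
    }
}
protocols {
    bgp {
        group internal-peers {                                  /* hypothetical group name */
            type internal;
            neighbor 192.0.2.1 {                                /* documentation address */
                ipsec-sa ibgp;
            }
        }
    }
}
```

Each key has to match the length its algorithm expects, otherwise the commit fails with a key-size error like the one mentioned earlier in the thread.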