[j-nsp] Trying to get OSPF to work across IPsec for Redundancy

Devin Kennedy devinkennedy415 at hotmail.com
Thu Apr 21 11:33:21 EDT 2011


Hello All:

I'm trying to get OSPF up over IPsec.  We have two IPsec tunnels, a primary and a secondary that our spoke router can use.  We want to have the spoke router run OSPF across both and then in case of a failure of the primary hub router (where the primary IPsec tunnel terminates) OSPF will direct traffic over the backup tunnel to the backup hub.

So far I have seen OSPF on the spoke router come up just a couple of times but only to one or the other peer.  It never has come up to both peers.  Here are my configurations for OSPF and the services interfaces below.  Also BGP is up on all routers and all routers are reachable via BGP.

If anyone can guide me in the right direction to get OSPF working over IPsec that would be most appreciated!

 

Spoke router:

[edit]
Devin@SRX210-2# show protocols ospf
area 0.0.0.2 {
    interface st0.0 {
        interface-type p2p;
        neighbor 10.10.10.1;
    }
    interface st0.1 {
        interface-type p2p;
        neighbor 10.10.11.1;
    }
}

[edit]
Devin@SRX210-2# show interfaces st0
unit 0 {
    point-to-point;
    family inet {
        address 10.10.10.2/30;
    }
}
unit 1 {
    point-to-point;
    family inet {
        address 10.10.11.2/30;
    }
}

 

Primary Hub router:

[edit]
Devin@M7i-1# show protocols ospf
area 0.0.0.2 {
    interface sp-1/2/0.1 {
        interface-type p2p;
        neighbor 10.10.10.2;
    }
}

[edit]
Devin@M7i-1# show interfaces sp-1/2/0
unit 1 {
    point-to-point;
    family inet {
        address 10.10.10.1/30;
    }
    service-domain inside;
}
unit 2 {
    family inet;
    service-domain outside;
}

 

Backup hub router:

[edit]
Devin@J4350-1# show protocols ospf
area 0.0.0.2 {
    interface st0.0 {
        interface-type p2p;
        neighbor 10.10.11.2;
    }
}

[edit]
Devin@J4350-1# show interfaces st0
unit 0 {
    point-to-point;
    family inet {
        address 10.10.11.1/30;
    }
}

 



DJ


 		 	   		  

