[j-nsp] RES: Trying to get OSPF to work across IPsec for Redundancy

Keegan Holley keegan.holley at sungard.com
Thu Apr 28 23:28:50 EDT 2011


I don't think OSPF carries multicast.  I know Cisco routers have a neighbor
statement that will force it to unicast hellos; I've never tried it on a
Juniper. I think if you do GRE over IPSEC (not to be confused with IPSEC
over GRE) the multicast will work as well.  It depends on your endpoints
though; I don't think firewalls will do GRE.


On Thu, Apr 28, 2011 at 3:59 PM, Leonardo Gama Souza <
leonardo.souza at nec.com.br> wrote:

> > Hello All:
> >
> > I'm trying to get OSPF up over IPsec.  We have two IPsec tunnels, a
> > primary and a secondary that our spoke router can use.  We want to have
> > the spoke router run OSPF across both and then in case of a failure of
> > the primary hub router (where the primary IPsec tunnel terminates) OSPF
> > will direct traffic over the backup tunnel to the backup hub.
> >
> > So far I have seen OSPF on the spoke router come up just a couple of
> > times but only to one or the other peer.  It never has come up to both
> > peers.  Here are my configurations for OSPF and the services interfaces
> > below.  Also BGP is up on all routers and all routers are reachable via
> > BGP.
> >
> > If anyone can guide me in the right direction to get OSPF working over
> > IPsec that would be most appreciated!
>
> As far as I know IPSec solely is not able to carry Multicast traffic.
> Are you using GRE over IPSec? If not, you may want to try unicast
> hellos.

