[j-nsp] RES: Trying to get OSPF to work across IPsec for Redundancy
Doug Hanks
dhanks at juniper.net
Thu Apr 28 23:51:52 EDT 2011
set proto ospf area <area> <interface> neighbor <neighbor ip>
-----Original Message-----
From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-bounces at puck.nether.net] On Behalf Of Keegan Holley
Sent: Thursday, April 28, 2011 8:29 PM
To: Leonardo Gama Souza
Cc: juniper-nsp at puck.nether.net
Subject: Re: [j-nsp] RES: Trying to get OSPF to work across IPsec for Redundancy
I don't think OSPF carries multicast. I know cisco routers have a neighbor
statement that will force it to unicast hello's I've never tried it on a
juniper. I think if you do GRE over IPSEC (not to be confused with IPSEC
over GRE) the multicast will work as well. It depends on your endpoints
though, I don't think firewalls will do GRE.
On Thu, Apr 28, 2011 at 3:59 PM, Leonardo Gama Souza <
leonardo.souza at nec.com.br> wrote:
> > Hello All:
> >
> > I'm trying to get OSPF up over IPsec. We have two IPsec tunnels, a
> > primary and a secondary that our spoke router can use. We want to
> have
> > the spoke router run OSPF across both and then in case of a failure of
> > the primary hub router (where the primary IPsec tunnel terminates)
> OSPF
> > will direct traffic over the backup tunnel to the backup hub.
> >
> > So far I have seen OSPF on the spoke router come up just a couple of
> > times but only to one or the other peer. It never has come up to both
> > peers. Here are my configurations for OSPF and the services
> interfaces
> > below. Also BGP is up on all routers and all routers are reachable
> via
> > BGP.
> >
> > If anyeone can guide me in the right direction to get OSPF working
> over
> > IPsec that would be most apprectiated!
>
> As far as I know IPSec solely is not able to carry Multicast traffic.
> Are you using GRE over IPSec? If not, you may want to try unicast
> hellos.
>
>
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp
>
_______________________________________________
juniper-nsp mailing list juniper-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
More information about the juniper-nsp
mailing list