[j-nsp] RES: Trying to get OSPF to work across IPsec for Redundancy

Stefan Fouant sfouant at shortestpathfirst.net
Fri Apr 29 09:13:45 EDT 2011


> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-
> bounces at puck.nether.net] On Behalf Of OBrien, Will
> Sent: Friday, April 29, 2011 1:15 AM
> To: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] RES: Trying to get OSPF to work across IPsec for
> Redundancy
> 
> Actually...
> OSPF will work across an ipsec tunnel. Unfortunately, last time I
> checked, it wouldn't work across a tunnel that's terminated within a
> routing instance on a srx. The issue was confirmed by JTAC.
> We haven't tried it on 10.4 yet, but it's a known issue with older
> code.
> 
> OSPF just won't built a relationship across the tunnel.
> On the other hand, it works great across ipsec tunnels between
> netscreens.

I have successfully built IPsec tunnels using a Secure Tunnel interface
terminating in both 'virtual-router' and 'forwarding' Routing Instances
using Junos 10.4R4.3.  I also had no problems getting OSPF up and running
using both Multipoint or Point-to-Point configurations.

Stefan Fouant, CISSP, JNCIEx2
www.shortestpathfirst.net
GPG Key ID: 0xB4C956EC



More information about the juniper-nsp mailing list