[j-nsp] RES: Trying to get OSPF to work across IPsec for Redundancy
OBrien, Will
ObrienH at missouri.edu
Fri Apr 29 09:16:28 EDT 2011
excellent.
Any dropped traffic issues?
On Apr 29, 2011, at 8:13 AM, Stefan Fouant wrote:
>> -----Original Message-----
>> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-
>> bounces at puck.nether.net] On Behalf Of OBrien, Will
>> Sent: Friday, April 29, 2011 1:15 AM
>> To: juniper-nsp at puck.nether.net
>> Subject: Re: [j-nsp] RES: Trying to get OSPF to work across IPsec for
>> Redundancy
>>
>> Actually...
>> OSPF will work across an ipsec tunnel. Unfortunately, last time I
>> checked, it wouldn't work across a tunnel that's terminated within a
>> routing instance on a srx. The issue was confirmed by JTAC.
>> We haven't tried it on 10.4 yet, but it's a known issue with older
>> code.
>>
>> OSPF just won't built a relationship across the tunnel.
>> On the other hand, it works great across ipsec tunnels between
>> netscreens.
>
> I have successfully built IPsec tunnels using a Secure Tunnel interface
> terminating in both 'virtual-router' and 'forwarding' Routing Instances
> using Junos 10.4R4.3. I also had no problems getting OSPF up and running
> using both Multipoint or Point-to-Point configurations.
>
> Stefan Fouant, CISSP, JNCIEx2
> www.shortestpathfirst.net
> GPG Key ID: 0xB4C956EC
>
Will O'Brien
University of Missouri, DoIT DNPS
Network Systems Analyst - Redacted
obrienh at missouri.edu
More information about the juniper-nsp
mailing list