[j-nsp] SRX100 for dual 100M uplink routing network in packet mode.
Mike Williams
mike.williams at comodo.com
Wed Nov 28 06:24:47 EST 2012
On Tuesday 27 November 2012 23:08:04 Michel de Nostredame wrote:
> PS: I just got a SRX100 and am going to do some POC with
> selective-packet-mode. Basically I want to route my traffic into GRE
> tunnel in packet-mode and route GRE packet over IPsec to remote SSG
> site in flow-mode because IPsec needs flow module. Hopefully this can
> suppress my session-table usage to only one for two records. I hate
> flow-mode JUNOS for a long long long time since J-series, but the SRX
> prices are simply irresistible.
Michel,
We wanted to do that with some SRX650s.
Doesn't work. Sorry.
Seems like some flag is on the packet saying it's packet-mode, which isn't
removed/reset when it's wrapped in a GRE header, so IPSec sees a packet-mode
packet and drops it.
This was with 10.4R6.5, we didn't get the chance to try anything newer.
--
Mike Williams
More information about the juniper-nsp
mailing list