[j-nsp] SRX - multipoint st0 tunnel interface and static route

Per Westerlund p1 at westerlund.se
Fri Sep 14 08:55:11 EDT 2012


The only way to handle this that I know of is FBF, in this case to implement source-based-routing. You have to pick a different tunnel depending on which source address you see.

I don't have access to my systems right now so I can't send an example, but there are plenty of examples on either in Juniper KB or Juniper forums. The common use case is with 2 default routes to 2 different ISPs, and having to chose one or the other based on what local IP address is used.

/Per Westerlund

14 sep 2012 kl. 14:16 skrev pkc_mls:

> Le 14/09/2012 11:51, Mark Menzies a écrit :
>> 
>> How do you route to the remote nets?  Do you have the 2 routes set up on the SRX to send it to the st0 interface?  If you do, then we do need NHTB set up to dictate which VPN the traffic goes down when it arrives at st0.
>> 
> There is only one remote net.
> 
>> Alternatively, set up 2 tunnel interfaces, ie st0.0 and st0.1 and bind each VPN to its own tunnel interface.
>> 
> I can use two tunnel interface, and the route to the same network via those two interfaces, but then as the remote gateway is the same, I don't have any option to indicate the correct tunnel interface from each local network.
>> Also, can you let us know what this reroute error message is?
>> 
>> 
> something like
> packet dropped re-route failed
> I'll copy the exact message later on.
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/juniper-nsp




More information about the juniper-nsp mailing list