[j-nsp] M-series IPSEC / SP interface and VRF

Scott Harvanek scott.harvanek at login.com
Tue Nov 12 11:05:10 EST 2013


Anyone with any ideas on this?

Scott H.

On 11/9/13, 12:58 PM, Scott Harvanek wrote:
> Is there a way to build an IPSec tunnel / service interface where the 
> local gateway is NOT in the same routing-instance as the service 
> interface?
>
> Here's what I'm trying to do:
>
> [ router A (SRX) ] == Switch / IS-IS mesh == [ router B m10i ]
> [ st0.0 / VRF ] ================= [ sp-0/0/0.0 / VRF ]
>
> The problem is, I want sp-0/0/0.0 on router B in a VRF but NOT the 
> outside interface on router B. I cannot commit unless the 
> outside/local-gateway on the IPSec tunnel is in the same 
> routing-instance as the service interface. Is there a way around this? 
> The SRX devices can do this without issue.
>
> service-set XXXX {
>     interface-service {
>         service-interface sp-0/0/0.0; <-- want this in a VRF
>     }
>     ipsec-vpn-options {
>         local-gateway x.x.x.x; <-- default routing instance
>     }
>     ipsec-vpn-rules XXXX;
> }
>


