[j-nsp] M-series IPSEC / SP interface and VRF

Scott Harvanek scott.harvanek at login.com
Tue Nov 12 11:35:47 EST 2013


Alex,

Yea, tried this but it looks like you can't set it to the default inet.0 
instance, only to things different... the local gw in my case is in the 
default instance and I want the service interface in another so unless 
I'm mistaken it's in default by default and this fails?

Scott H.

On 11/12/13, 11:22 AM, Alex Arseniev wrote:
> Yes
>
> [edit]
> aarseniev@m120# set services service-set SS1 ipsec-vpn-options local-gateway ?
> Possible completions:
>   <address>            Local gateway address
>   routing-instance     Name of routing instance that hosts local gateway <=====!!!! CHECK THIS OUT!!!
> aarseniev@m120> show version
> Hostname: m120
> Model: m120
> JUNOS Base OS boot [10.4S7.1]
>
> HTH
> Thanks
> Alex
>
> On 12/11/2013 16:05, Scott Harvanek wrote:
>> Anyone with any ideas on this?
>>
>> Scott H.
>>
>> On 11/9/13, 12:58 PM, Scott Harvanek wrote:
>>> Is there a way to build an IPSec tunnel / service interface where the 
>>> local gateway is NOT in the same routing-instance as the service 
>>> interface?
>>>
>>> Here's what I'm trying to do:
>>>
>>> [ router A (SRX) ] == Switch / IS-IS mesh == [ router B m10i ]
>>> [ st0.0 / VRF ] ================= [ sp-0/0/0.0 / VRF ]
>>>
>>> The problem is, I want sp-0/0/0.0 on router B in a VRF but NOT the 
>>> outside interface on router B, I cannot commit unless the 
>>> outside/local-gateway on the IPSec tunnel is in the same 
>>> routing-instance as the service interface, is there a way around 
>>> this? The SRX devices can do this without issue.
>>>
>>> service-set XXXX {
>>>     interface-service {
>>>         service-interface sp-0/0/0.0; <-- want this in a VRF
>>>     }
>>>     ipsec-vpn-options {
>>>         local-gateway x.x.x.x; <-- default routing instance
>>>     }
>>>     ipsec-vpn-rules XXXX;
>>> }
>>>
>>
>> _______________________________________________
>> juniper-nsp mailing list juniper-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/juniper-nsp