Hello All:
I'm trying to get OSPF up over IPsec. We have two IPsec tunnels, a primary and
a secondary that our spoke router can use. We want to have the spoke router
run OSPF across both and then in case of a failure of the primary hub router
(where the primary IPsec tunnel terminates) OSPF will direct traffic over the
backup tunnel to the backup hub.
So far I have seen OSPF on the spoke router come up just a couple of times but
only to one or the other peer. It never has come up to both peers. Here are
my configurations for OSPF and the services interfaces below. Also BGP is up
on all routers and all routers are reachable via BGP.
If anyeone can guide me in the right direction to get OSPF working over IPsec
that would be most apprectiated!
Spoke router:
[edit]
Devin@SRX210-2# show protocols ospf
area 0.0.0.2 {
interface st0.0 {
interface-type p2p;
neighbor 10.10.10.1;
}
interface st0.1 {
interface-type p2p;
neighbor 10.10.11.1;
}
}
[edit]
Devin@SRX210-2# show interfaces st0
unit 0 {
point-to-point;
family inet {
address 10.10.10.2/30;
}
}
unit 1 {
point-to-point;
family inet {
address 10.10.11.2/30;
}
}
Primary Hub router:
[edit]
Devin@M7i-1# show protocols ospf
area 0.0.0.2 {
interface sp-1/2/0.1 {
interface-type p2p;
neighbor 10.10.10.2;
}
}
[edit]
Devin@M7i-1# show interfaces sp-1/2/0
unit 1 {
point-to-point;
family inet {
address 10.10.10.1/30;
}
service-domain inside;
}
unit 2 {
family inet;
service-domain outside;
}
Backup hub router:
[edit]
Devin@J4350-1# show protocols ospf
area 0.0.0.2 {
interface st0.0 {
interface-type p2p;
neighbor 10.10.11.2;
}
}
[edit]
Devin@J4350-1# show interfaces st0
unit 0 {
point-to-point;
family inet {
address 10.10.11.1/30;
}
}
DJ
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
