I was finally able to get this working. I had to set the MTU's explicitly on each sub unit (I just set them to 1500). I guess the default MTU that the st0 and sp- interfaces use doesn't work well with OSPF.
-----Original Message----- From: juniper-nsp-boun...@puck.nether.net [mailto:juniper-nsp-boun...@puck.nether.net] On Behalf Of OBrien, Will Sent: Friday, April 29, 2011 10:08 AM To: Dale Shaw Cc: juniper-nsp@puck.nether.net Subject: Re: [j-nsp] Trying to get OSPF to work across IPsec for Redundancy We were using two tunnels to separate peers. 1 to a pci network and another for office workers to be on our normal user network. I will see if I can dig up details later today Will Sent from my iPad On Apr 29, 2011, at 9:05 AM, "Dale Shaw" <dale.s...@gmail.com> wrote: > Hi Stefan, > > On Friday, April 29, 2011, Stefan Fouant > <sfou...@shortestpathfirst.net> wrote: >> I have successfully built IPsec tunnels using a Secure Tunnel >> interface terminating in both 'virtual-router' and 'forwarding' >> Routing Instances using Junos 10.4R4.3. I also had no problems >> getting OSPF up and running using both Multipoint or Point-to-Point configurations. >> > > Interesting! > > Like Will, I've been bitten by the "OSPF over st0.x in a routing > instance" problem. For us it seems to pop up when there are multiple > tunnels (in discrete instances) established between the same peers. > > Did your testing happen to include the multiple tunnels scenario? > > Will, do you happen to have a PR # for the problem? We've experienced > it on 10.0R3 and R4. It's not widely supported in those releases but > Juniper initially told us it should work. It's the #1 reason we're > looking at 10.4. > > Cheers, > Dale _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp _______________________________________________ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp