Yes
[edit]
aarseniev@m120# set services service-set SS1 ipsec-vpn-options
local-gateway ?
Possible completions:
<address> Local gateway address
routing-instance Name of routing instance that hosts local
gateway <=====!!!! CHECK THIS OUT!!!
aarseniev@m120> show version
Hostname: m120
Model: m120
JUNOS Base OS boot [10.4S7.1]
HTH
Thanks
Alex
On 12/11/2013 16:05, Scott Harvanek wrote:
Anyone with any ideas on this?
Scott H.
On 11/9/13, 12:58 PM, Scott Harvanek wrote:
Is there a way to build a IPSec tunnel / service interface where the
local gateway is NOT in the same routing-instance as the service
interface?
Here's what I'm trying to do;
[ router A (SRX) ] == Switch / IS-IS mesh == [ router B m10i ]
[ st0.0 / VRF ] ================= [ sp-0/0/0.0 / VRF ]
The problem is, I want sp-0/0/0.0 on router B in a VRF but NOT the
outside interface on router B, I cannot commit unless the
outside/local-gateway on the IPSec tunnel is in the same
routing-instance as the service interface, is there a way around
this? The SRX devices can do this without issue.
service-set XXXX {
interface-service {
service-interface sp-0/0/0.0; <-- want this in a VRF
}
ipsec-vpn-options {
local-gateway x.x.x.x; <-- default routing instance
}
ipsec-vpn-rules XXXX
}
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list juniper-nsp@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
