On Nov 29, 2012, at 12:53 AM, Tore Anderson wrote:

> * Aaron Dewell
>
>> I haven't found an answer to this question (except for Cisco options
>> which doesn't help me). I want to configure a static route to a DHCP
>> interface on an SRX240. Here's the scenario:
>>
>> ge-0/0/0 connected to CX111 (4G modem/DHCP)
>> t1-0/1/0 connected to an L3VPN (with BGP)
>> st0.0 should connect over ge-0/0/0
>>
>> The t1 is considered trusted, so we do not want to form the IPSec
>> tunnel over it. There is a default route coming in via BGP on the
>> T1. The goal:
>>
>> Statically route the IPSec tunnel endpoint over the 4G modem as a /32
>> Statically route 0/0 over st0.0 (and set precedence to >170, or set
>> BGP down to 4)
>> Receive 0/0 from BGP over the T1 (or alternately not, with no need to
>> alter precedence, and use two next-hops for one static 0/0)
>>
>> The purpose is to have the tunnel up but not used until the T1 or BGP
>> over it goes away.
>>
>> However, I cannot set ge-0/0/0.0 as the next-hop because it's not a
>> point to point interface. I cannot set an IP address as the next-hop
>> because I don't know when it will change.
>>
>> Any ideas on how to address that?
>
> I have no idea if this can be done or will work, but here's a suggestion
> at least:
>
> Configure a static link network (e.g., 192.0.2.10/31) on ge-0/0/0.0
> in parallel with the DHCP client. Add a static ARP entry for 192.0.2.11
> pointing to the CX111's MAC address. Use 192.0.2.11 address as the next
> hop for the static route to the remote IPSEC tunnel endpoint.
>
> Best regards,
> --
> Tore Anderson
> Redpill Linpro AS - http://www.redpill-linpro.com/

Ooooh, I like that idea. I'll give that a try.

The other idea our SE suggested is a virtual router and configure the static route with next-table. But that requires 12.1R3 to fix the default route installed into inet.0 not the VR issue.

I like your idea more than upgrades+VRs.

Aaron

