Alex,
Yea, tried this but it looks like you can't set it to the default inet.0
instance, only to things different... the local gw in my case is in the
default instance and I want the service interface in another so unless
I'm mistaken it's in default by default and this fails?
Scott H.
On 11/12/13, 11:22 AM, Alex Arseniev wrote:
Yes
[edit]
aarseniev@m120# set services service-set SS1 ipsec-vpn-options
local-gateway ?
Possible completions:
<address> Local gateway address
routing-instance Name of routing instance that hosts local
gateway <=====!!!! CHECK THIS OUT!!!
aarseniev@m120> show version
Hostname: m120
Model: m120
JUNOS Base OS boot [10.4S7.1]
HTH
Thanks
Alex
On 12/11/2013 16:05, Scott Harvanek wrote:
Anyone with any ideas on this?
Scott H.
On 11/9/13, 12:58 PM, Scott Harvanek wrote:
Is there a way to build a IPSec tunnel / service interface where the
local gateway is NOT in the same routing-instance as the service
interface?
Here's what I'm trying to do;
[ router A (SRX) ] == Switch / IS-IS mesh == [ router B m10i ]
[ st0.0 / VRF ] ================= [ sp-0/0/0.0 / VRF ]
The problem is, I want sp-0/0/0.0 on router B in a VRF but NOT the
outside interface on router B, I cannot commit unless the
outside/local-gateway on the IPSec tunnel is in the same
routing-instance as the service interface, is there a way around
this? The SRX devices can do this without issue.
service-set XXXX {
interface-service {
service-interface sp-0/0/0.0; <-- want this in a VRF
}
ipsec-vpn-options {
local-gateway x.x.x.x; <-- default routing instance
}
ipsec-vpn-rules XXXX
}
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
_______________________________________________
juniper-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/juniper-nsp
