MDS 05-6632A01, Rev. F MDS Orbit MCR/ECR Technical Manual 437
C 10.0.1.0/24 is directly connected, GigabitEthernet0/1
L 10.0.1.1/32 is directly connected, GigabitEthernet0/1
172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.16.0.0/24 is directly connected, Tunnel0
L 172.16.0.1/32 is directly connected, Tunnel0
172.18.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.18.175.0/24 is directly connected, GigabitEthernet0/0
L 172.18.175.45/32 is directly connected, GigabitEthernet0/0
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
B 192.168.1.0/24 [20/0] via 172.16.0.3, 16:54:41
12.3 GRE/IPsec with Juniper JUNOS
In this example, we describe a sample configuration for a GRE/IPsec between Orbit MCR (2E1S) and
Juniepr SRX240 with IKEv2 pre-shared key authentication.
NOTE The Juniper JUNOS based devices do not support IPsec transport mode for data traffic.
Therefore, to protect GRE traffic one needs to setup IPsec tunnel instead of IPsec transport
mode connection. This leads to double tunneling- GRE tunnel within IPsec tunnel. Also, GRE
tunneling over IPsec tunnel is only supported for route-based tunnel setup.
Orbit
JUNOS SRX
Local LAN#1
192.168.1.0/24
Remote LAN#1
192.168.3.0/24
Customer
Network/
Internet
Cellular
network
GRE tunnel protected by transport-
mode IPsec connection carrying traffic
between local and remote LANs
Local LAN#2
192.168.2.0/24
Remote LAN#2
192.168.4.0/24
Orbit 12.3.1
12.3.1.1 Configuration
# Bridge/LAN#1 interface configuration
set interfaces interface Bridge type bridge
set interfaces interface Bridge ipv4 address 192.168.1.1 prefix-length 24
set interfaces interface Bridge filter input IN_TRUSTED
set interfaces interface Bridge filter output OUT_TRUSTED
set interfaces interface Bridge bridge-settings members port ETH1
To Next Page
Loading...
