SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  eBGP and IPSec VPN Loopback interfaces

    Posted 01-21-2014 18:22

    I am configuring an SRX240H2 to connect to an upstream provider. So far, I have put the st0.0 in a vpn zone, and am using the lo0.0 as the external interface (like an unnumbered tunnel).

     

    The challenge that I am having is that I need to configure eBGP through the VPN (route-based) tunnel to the other side. Can I just use the same lo0.0 interface for the BGP local address? On my ScreenOS box that I am replacing, I can have multiple loopbacks so that I can have both an unnumbered tunnel off a loopback and the BGP off another loopback.

     

    I get this error on commit:

     

    'unit 1'
    if_instance: Multiple loopback interfaces not permitted in master routing instance
    error: configuration check-out failed

     

    I know that means that I have to now create two routing instances, but 1. I don't know how to do that (don't understand fully) and 2. Is there a way around that so that I can have both BGP through the VPN tunnel and the loopbacks?

     

    Thank you


    #vpn
    #BGP
    #loopback
    #IPSec


  • 2.  RE: eBGP and IPSec VPN Loopback interfaces
    Best Answer

    Posted 01-22-2014 05:55

    Hello,

     


    @RyGuy wrote:
    Can I just use the same lo0.0 interface for the BGP local address?

    Yes. You can put >1 IP address on lo0.0 and source BGP from any of these IPs:

    set interfaces lo0.0 family inet address 198.18.1.1/32
    set interfaces lo0.0 family inet address 198.18.2.2/32
    set protocols bgp group eBGP neighbor 198.19.100.100 local-address 198.18.2.2
    set protocols bgp group eBGP neighbor 198.19.100.100 multihop ttl 5
    set routing-options static route 198.19.100.100/32 next-hop st0.0

     HTH

    Thanks

    Alex
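
Added example, not part of the original posts and not Juniper tooling: a small pre-commit lint for set-style configuration that flags the condition behind the commit error in the question (more than one lo0 unit left in the master instance) and checks that each BGP `local-address` is configured on lo0 and that the neighbor has a static route via st0. The sample input is constructed from the commands in the answer plus a hypothetical `lo0 unit 1`; only `protocols bgp` in the master instance is examined.

```python
import ipaddress
import re

# Constructed sample: the answer's commands plus the extra lo0 unit 1 (assumed address).
SAMPLE = """\
set interfaces lo0.0 family inet address 198.18.1.1/32
set interfaces lo0.0 family inet address 198.18.2.2/32
set interfaces lo0 unit 1 family inet address 198.18.3.3/32
set protocols bgp group eBGP neighbor 198.19.100.100 local-address 198.18.2.2
set protocols bgp group eBGP neighbor 198.19.100.100 multihop ttl 5
set routing-options static route 198.19.100.100/32 next-hop st0.0
"""

LO_RE = re.compile(r"^set interfaces lo0(?:\.| unit )(\d+) family inet address (\S+)")
RI_RE = re.compile(r"^set routing-instances \S+ interface lo0\.(\d+)")
BGP_RE = re.compile(r"^set protocols bgp group \S+ neighbor (\S+) local-address (\S+)")
RT_RE = re.compile(r"^set routing-options static route (\S+) next-hop (st0\.\d+)")

def lint(config):
    """Return a list of findings for a set-style configuration string."""
    lo_addrs, in_instance, sessions, tunnel_routes = {}, set(), [], []
    for line in config.splitlines():
        line = line.strip()
        if m := LO_RE.match(line):
            lo_addrs.setdefault(int(m[1]), set()).add(ipaddress.ip_interface(m[2]).ip)
        elif m := RI_RE.match(line):
            in_instance.add(int(m[1]))  # unit moved out of the master instance
        elif m := BGP_RE.match(line):
            sessions.append((ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2])))
        elif m := RT_RE.match(line):
            tunnel_routes.append(ipaddress.ip_network(m[1]))
    findings = []
    # lo0 units not assigned to any routing instance stay in the master instance.
    master_units = sorted(u for u in lo_addrs if u not in in_instance)
    if len(master_units) > 1:
        findings.append(f"multiple lo0 units in master instance: {master_units}")
    master_ips = set().union(*(lo_addrs[u] for u in master_units))
    for neighbor, local in sessions:
        if local not in master_ips:
            findings.append(f"local-address {local} is not on a master-instance lo0 unit")
        if not any(neighbor in net for net in tunnel_routes):
            findings.append(f"no static route to {neighbor} via st0")
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print("FINDING:", finding)
```
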



  • 3.  RE: eBGP and IPSec VPN Loopback interfaces

    Posted 01-22-2014 06:08

    Thanks! That makes perfect sense!