SRX

  • 1.  CoS + IPSec/GRE Tunnels

    Posted 12-06-2020 23:11
    Hi,

    I've been looking through some options for creating tunnels over the internet, while still including CoS. I'm using the SRX345 platform.
    I'm aware that I can use CoS with IPSec, which will create separate SA's for each forwarding class.

    I might need to use GRE tunnels within IPSec.  This is because I have two 'tenants' that I need to keep separate.
    I'm thinking something similar to this, but without the need for jumbo frames or MPLS:
    About This Network Configuration Example 

    If I have two GRE tunnels, will the IPSec tunnel still create a different SA per forwarding class, or will GRE break this behaviour?

    Thanks.