Routing

Expand all | Collapse all

CoS + IPSec/GRE Tunnels

  • 1.  CoS + IPSec/GRE Tunnels

    Posted 12-06-2020 23:11
    Hi,

    I've been looking through some options for creating tunnels over the internet, while still including CoS. I'm using the SRX345 platform.
    I'm aware that I can use CoS with IPSec, which will create separate SA's for each forwarding class.

    I might need to use GRE tunnels within IPSec.  This is because I have two 'tenants' that I need to keep separate.
    I'm thinking something similar to this, but without the need for jumbo frames or MPLS:
    About This Network Configuration Example 

    If I have two GRE tunnels, will the IPSec tunnel still create a different SA per forwarding class, or will GRE break this behaviour?

    Thanks.


  • 2.  RE: CoS + IPSec/GRE Tunnels

     
    Posted 12-07-2020 09:44
    I think this is what you are looking for:

    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/secuirty-cos-based-ipsec-vpns.html

    Regards,

    ------------------------------
    Yasmin Lara
    Juniper Ambassador
    JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
    JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
    ------------------------------



  • 3.  RE: CoS + IPSec/GRE Tunnels

    Posted 12-07-2020 15:52
    -------------------------------------------
    Original Message:
    Sent: 12-07-2020 09:44
    From: Yasmin Lara
    Subject: CoS + IPSec/GRE Tunnels

    I think this is what you are looking for:

    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/secuirty-cos-based-ipsec-vpns.html

    Regards,

    ------------------------------
    Yasmin Lara
    Juniper Ambassador
    JNCIE-SP, JNCIE-ENT, JNCIE-DC, JNCIE-SEC
    JNCDS-DC, JNCIA-DevOps, JNCIP-CLOUD, CCNP-ENT
    ------------------------------

    Original Message:
    Sent: 12-06-2020 23:10
    From: Unknown User
    Subject: CoS + IPSec/GRE Tunnels

    Hi,

    I've been looking through some options for creating tunnels over the internet, while still including CoS. I'm using the SRX345 platform.
    I'm aware that I can use CoS with IPSec, which will create separate SA's for each forwarding class.

    I might need to use GRE tunnels within IPSec.  This is because I have two 'tenants' that I need to keep separate.
    I'm thinking something similar to this, but without the need for jumbo frames or MPLS:
    About This Network Configuration Example 

    If I have two GRE tunnels, will the IPSec tunnel still create a different SA per forwarding class, or will GRE break this behaviour?

    Thanks.