SRX

  • 1.  Layer 2 tunnel over Layer 3 SRX

    Posted 02-25-2014 14:52

    Hi Experts,

     

    I am trying to form a layer 2 domain over a layer 3 network. The topology is as follows. Any advice on how to do this is appreciated.

     

    LAN(192.168.1.0/24)->SRX<IPsec Tunnel>-->SRX-->lan (192.168.2.0/24)

     

     

    Over the LANs (192.168.1.0 and 2.0/24), I would like to form a layer 2 domain with a virtual LAN (192.168.3.0) so that devices behind the two LANs will be in the same subnet.

     

    I know I might need a tunnel like L2TP. Any advice is appreciated.

     

     

    Thank you,


    #SRX
    #IPSec
    #EX
    #L2TP


  • 2.  RE: Layer 2 tunnel over Layer 3 SRX

    Posted 02-25-2014 23:18

    Hi

     

    You can do VPLS over GRE over IPSec VPN to do it (hosts behind different SRX firewalls in the same broadcast domain, communicating via VPN):

     

    http://www.juniper.net/techpubs/en_US/junos11.4/information-products/topic-collections/security/software-all/mpls/index.html?topic-63222.html

     

    But the config will be rather complicated, I would say.



  • 3.  RE: Layer 2 tunnel over Layer 3 SRX

    Posted 02-26-2014 07:08

    Hi Petr,

     

    Thank you for your reply. Can you please give me a breakdown of what I need to do on each device? I would like to test it out in the lab.

     

    The topology is as follows:

     

    Vlan1-<EX4200>->SRX<IPSec VPN>SRX-><EX4200>Vlan2

     

     

    Also, I wonder why I cannot use L2TP, because I just want to connect 2 sites with a virtual LAN and feed that route back into the main routing domain so that vlan1 and vlan2 can reach it.

     

    Is it possible?

     

    Thank you,

     



  • 4.  RE: Layer 2 tunnel over Layer 3 SRX
    Best Answer

    Posted 02-26-2014 10:10

    Hi

     

    L2TP is just not supported on SRX.

     

    You can find discussion relevant to L2 VPN config on SRX in the following blogs (and anything else you can find via Google):

    http://ipengineer.net/2013/06/junos-vlan-stretch-srx-branch-who-needs-ciscos-otv/

    http://prolixium.com/blog?id=976



  • 5.  RE: Layer 2 tunnel over Layer 3 SRX

    Posted 02-28-2014 14:07

    Thank you, I was able to test it out in the lab.



  • 6.  RE: Layer 2 tunnel over Layer 3 SRX

    Posted 02-28-2014 14:14

    And what was left of the MTU size in the end?



  • 7.  RE: Layer 2 tunnel over Layer 3 SRX

    Posted 03-04-2014 13:23

    I was able to ping using 1470 with the do-not-fragment bit on.

     

    Is there another way to confirm this?

     

    Also, do you know if this setup is supported on an SRX cluster?
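
Added example, not part of the thread or of any poster's configuration: a small Python script that binary-searches the largest ICMP payload that crosses the stretched VLAN with the do-not-fragment bit set, instead of testing one size by hand. It assumes a Linux host on one side of the tunnel with iputils `ping` (`-M do`, `-s`, `-c`, `-W`); the function names and the 1472-byte upper bound (1500 minus IPv4 and ICMP headers) are choices made for this example.

```python
import subprocess
import sys

ICMP_HDR = 8    # bytes of ICMP echo header
IPV4_HDR = 20   # bytes of IPv4 header without options


def ping_df(host, payload):
    """Send up to 3 echo requests with DF set; True if any reply came back."""
    cmd = ["ping", "-M", "do", "-c", "3", "-W", "1", "-s", str(payload), host]
    result = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL)
    return result.returncode == 0


def largest_df_payload(probe, low=0, high=1472):
    """Binary-search the largest payload for which probe(size) is True.

    Assumes that if a size fails, every larger size fails too.
    Returns None when even the smallest size does not get through.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid          # mid passes, look higher
        else:
            high = mid - 1     # mid fails, look lower
    return low


def ip_packet_size(payload):
    """Size of the host's IPv4 packet for a given ICMP payload."""
    return payload + ICMP_HDR + IPV4_HDR


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: df_sweep.py <host-on-far-side-of-tunnel>")
    target = sys.argv[1]
    best = largest_df_payload(lambda size: ping_df(target, size))
    if best is None:
        print("no reply even at the smallest size; check reachability first")
    else:
        print(f"largest DF payload: {best} bytes "
              f"(IPv4 packet of {ip_packet_size(best)} bytes)")
```

The DF bit is set on the host's own packet, not on the outer tunnel packets, so a passing probe shows the frame was delivered end to end but does not by itself rule out fragmentation of the encapsulated traffic between the two SRX devices.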