Hi Experts,
I have two questions about GRE tunnel over IPsec:
http://kb.juniper.net/InfoCenter/index?page=content&id=KB19372&actp=search&viewlocale=en_US&searchid=1345331927176%3CBR%3E
(1) For the example config in above link, does the gr-0/0/0.0 must have a family inet address? Or only the tunnel source/destination address is a must? If family inet address is a must, and I have gr-0/0/0.0 and gr-0/0/0.1, then two family inet adress are needed? the IPsec is to a GRX partner for romaing, so the family inet address must be public IP? (I am doing swap from ISG to SRX5800, no family inet address from ISG. )
(2) For st0 interface of ipsec vpn, no family inet adress at all in the GRE over IPSEC example above. But for route-based VPN example, st0 has a family inet address. Both is fine? How to understand the difference and configure correctly? For the ISG to SRX migration now, there was no ipsec vpn IP on ISG, if st0 family inet is needed, I need to ask for this IP to the customer.
Thanks!!
BR/ Claire
↧