
Re: Srx mikrotik ospf


Where should I add the command to ignore the MTU mismatch? Also, the router ID is specified under routing-options.

 

I'll add the config of both devices (this is a lab environment and both routers are directly connected).

 

SRX:

/* Junos release string as reported by the device. Worth checking against the
   vendor's current support and advisory status before this config is reused
   outside a lab. */
version 15.1X49-D120.3;
/* Host identity, root credentials and the management services the device runs. */
system {
    host-name SRX1;
    root-authentication {
        /* The hash was redacted by the poster ("..."). */
        encrypted-password "..."; ## SECRET-DATA
    }
    services {
        /* SSH is enabled with no further options visible in this stanza. */
        ssh;
        web-management {
            /* J-Web over plain HTTP: logins and session traffic are unencrypted.
               No interface restriction is set here, so reachability depends on
               the zones' host-inbound-traffic, which is "all" in every zone of
               this config. Prefer https once this leaves the lab. */
            http;
        }
    }
}
/* IKE/IPsec tunnel to the MikroTik peer, the inter-zone policy, and the zone
   definitions that decide which traffic may reach the SRX itself. */
security {
    ike {
        /* Phase 1 proposal. group2 is the 1024-bit MODP group (the peer shows
           dh-group=modp1024) and SHA-1 is a legacy hash; both are weak choices
           by current guidance and should be raised on both ends outside a lab. */
        proposal ike-phase1-proposal {
            authentication-method pre-shared-keys;
            dh-group group2;
            authentication-algorithm sha1;
            encryption-algorithm aes-128-cbc;
            lifetime-seconds 3600;
        }
        policy ike-phase1-policy {
            mode main;
            proposals ike-phase1-proposal;
            /* Pre-shared key appears in clear text and is a vendor-name
               dictionary word. The same string is reused as the OSPF MD5 key in
               this config and as the MikroTik peer secret. A lab throwaway at
               best; a key that has been posted is disclosed and needs rotating
               if it was ever used elsewhere. */
            pre-shared-key ascii-text "juniper"; ## SECRET-DATA
        }
        /* Peer address matches the MikroTik sfp-sfpplus1 address; NAT-T is
           disabled here and on the peer (nat-traversal=no). */
        gateway gw-vpn {
            ike-policy ike-phase1-policy;
            address 195.90.100.12;
            no-nat-traversal;
            local-identity inet 195.90.100.10;
            remote-identity inet 195.90.100.12;
            external-interface xe-2/2/0;
        }
    }
    ipsec {
        /* Phase 2 proposal: ESP with HMAC-SHA1-96 and AES-128-CBC. The MikroTik
           proposal1 sets only enc-algorithms, so its other phase 2 parameters
           are whatever RouterOS defaults to - confirm they match these. */
        proposal ipsec-phase2-proposal {
            protocol esp;
            authentication-algorithm hmac-sha1-96;
            encryption-algorithm aes-128-cbc;
            lifetime-seconds 3600;
        }
        policy ipsec-phase2-policy {
            /* PFS is on, but again with the 1024-bit group. */
            perfect-forward-secrecy {
                keys group2;
            }
            proposals ipsec-phase2-proposal;
        }
        /* Route-based VPN bound to st0.0. The proxy identity limits the
           negotiated selectors to the two loopback /32s, which are also the GRE
           tunnel endpoints in the interfaces stanza, so what IPsec protects is
           the GRE traffic between the loopbacks. */
        vpn ike-vpn {
            bind-interface st0.0;
            ike {
                gateway gw-vpn;
                proxy-identity {
                    local 10.255.7.97/32;
                    remote 10.255.7.98/32;
                    service any;
                }
                ipsec-policy ipsec-phase2-policy;
            }
            establish-tunnels immediately;
        }
    }
    policies {
        /* No explicit zone-to-zone policies are defined, so permit-all lets
           every transit flow through between Sise, Uplink and vpn. This turns
           off the firewall function; use explicit policies with a deny default
           before this faces anything untrusted. */
        default-policy {
            permit-all;
        }
    }
    zones {
        /* LAN-side zone (ge-2/1/0.0); every service and protocol on the SRX is
           reachable from it. */
        security-zone Sise {
            interfaces {
                ge-2/1/0.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        /* xe-2/2/0.0 carries the 195.90.100.10/29 address. With system-services
           all, the SSH and plain-HTTP J-Web services enabled under "system" are
           reachable from that segment. As far as this config shows, the uplink
           only needs ike (plus ping for troubleshooting). */
        security-zone Uplink {
            interfaces {
                xe-2/2/0.0 {
                    host-inbound-traffic {
                        system-services {
                            all;
                        }
                        protocols {
                            all;
                        }
                    }
                }
            }
        }
        /* Zone holding the tunnel-side interfaces. OSPF hellos arriving on
           gr-0/0/0.0 are accepted because protocols is "all"; a narrower
           "protocols ospf" would presumably be enough for this design - confirm. */
        security-zone vpn {
            host-inbound-traffic {
                system-services {
                    all;
                }
                protocols {
                    all;
                }
            }
            interfaces {
                st0.0;
                lo0.0;
                gr-0/0/0.0;
            }
        }
    }
}
/* Physical, tunnel, management and loopback interfaces. */
interfaces {
    /* GRE tunnel between the two loopbacks; 192.168.1.0/24 is the OSPF transit
       subnet. No mtu is set here and the MikroTik gre-tunnel1 sets none either,
       so each side uses its own default. OSPF puts the interface MTU in its
       database-description packets, so the effective IP MTU of the two tunnel
       ends has to agree. */
    gr-0/0/0 {
        unit 0 {
            tunnel {
                source 10.255.7.97;
                destination 10.255.7.98;
            }
            family inet {
                address 192.168.1.1/24;
            }
        }
    }
    /* LAN interface with VRRP group 1; accept-data lets the master answer
       traffic addressed to the virtual address 192.168.3.1. */
    ge-2/1/0 {
        description Sisev6rk;
        unit 0 {
            family inet {
                address 192.168.3.253/24 {
                    vrrp-group 1 {
                        virtual-address 192.168.3.1;
                        priority 200;
                        preempt;
                        accept-data;
                    }
                }
            }
        }
    }
    /* Uplink towards the MikroTik (195.90.100.12 is in the same /29); this is
       the IKE external-interface. */
    xe-2/2/0 {
        unit 0 {
            family inet {
                address 195.90.100.10/29;
            }
        }
    }
    /* Out-of-band management port. */
    fxp0 {
        description Management;
        unit 0 {
            family inet {
                address 10.200.200.1/24;
            }
        }
    }
    /* Loopback used as the local GRE endpoint and the local IPsec proxy identity. */
    lo0 {
        unit 0 {
            family inet {
                address 10.255.7.97/32;
            }
        }
    }
    /* Secure tunnel interface bound to vpn ike-vpn; unnumbered (family inet
       with no address). */
    st0 {
        unit 0 {
            family inet;
        }
    }
}
/* Static routes that steer the GRE endpoint into IPsec, plus the OSPF router ID. */
routing-options {
    static {
        /* Sends traffic for the remote loopback (the GRE destination) into
           st0.0 so that it is encrypted. */
        route 10.255.7.98/32 next-hop st0.0;
        /* Static route to the MikroTik LAN through GRE. Junos prefers a static
           route over an OSPF route by default, so this entry would mask an
           OSPF-learned 192.168.88.0/24 once the adjacency is up. */
        route 192.168.88.0/24 next-hop gr-0/0/0.0;
    }
    /* NOTE(review): 192.168.3.1 is the VRRP virtual address on ge-2/1/0. If a
       VRRP peer carries the same statement, both routers would announce the
       same router ID - confirm. */
    router-id 192.168.3.1;
}
/* OSPF on the GRE tunnel only, with tracing enabled for troubleshooting. */
protocols {
    ospf {
        /* Traces go to ospf.log. The database-description flag is the one that
           records DD exchange problems such as an MTU disagreement; the
           "hello detail" flag is present but deactivated. */
        traceoptions {
            file ospf.log;
            flag error;
            flag database-description;
            flag event;
            inactive: flag hello detail;
        }
        area 1.1.1.1 {
            /* No interface-type is set here, while the MikroTik side sets
               network-type=broadcast on gre-tunnel1 - confirm both ends end up
               with the same OSPF network type. */
            interface gr-0/0/0.0 {
                authentication {
                    /* MD5 key ID 1. The key is the same string as the IKE
                       pre-shared key, so disclosing one discloses the other,
                       and MD5 is a legacy OSPF authentication method. Use a
                       separate random key outside a lab. */
                    md5 1 key "juniper"; ## SECRET-DATA
                }
            }
        }
    }
}

Mikrotik:

# RouterOS export of the MikroTik peer: GRE over IPsec to the SRX, OSPF on the GRE tunnel.
# NOTE(review): this export has no /ip firewall or /ip service section, so no
# filtering of management access on sfp-sfpplus1 (195.90.100.12) is visible here.
# The export may have been trimmed - confirm.

# Lo0 is a bridge with no ports, used as a loopback; "sise" is the LAN bridge.
/interface bridge
add fast-forward=no name=Lo0
add fast-forward=no name=sise
# Unused copper ports are administratively disabled.
/interface ethernet
set [ find default-name=ether2 ] comment=Sise
set [ find default-name=ether3 ] disabled=yes
set [ find default-name=ether4 ] disabled=yes
set [ find default-name=ether5 ] disabled=yes
set [ find default-name=ether6 ] disabled=yes
set [ find default-name=ether7 ] disabled=yes
set [ find default-name=ether8 ] disabled=yes
set [ find default-name=sfp-sfpplus1 ] comment="V\E4lis"
# GRE endpoints are the two loopback /32s; keepalive is unset (!keepalive).
# No mtu= is given, so the tunnel MTU is the RouterOS default. It has to match
# the SRX gr-0/0/0.0 IP MTU for the OSPF database exchange to complete.
/interface gre
add allow-fast-path=no clamp-tcp-mss=no !keepalive local-address=10.255.7.98 \
    name=gre-tunnel1 remote-address=10.255.7.97
/interface list
add name=Discovery
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Phase 2 proposal. Only enc-algorithms is set; the auth algorithm, PFS group
# and lifetime are not shown, so they are left at RouterOS defaults. Confirm
# they match the SRX side (hmac-sha1-96, PFS group2, 3600 s).
/ip ipsec proposal
set [ find default=yes ] disabled=yes
add enc-algorithms=aes-128-cbc name=proposal1
/routing ospf area
set [ find default=yes ] disabled=yes
# Default OSPF instance disabled; ospf1 uses the LAN address as router ID.
/routing ospf instance
set [ find default=yes ] disabled=yes router-id=192.168.88.1
add name=ospf1 router-id=192.168.88.1
# Area ID matches the SRX (area 1.1.1.1).
/routing ospf area
add area-id=1.1.1.1 instance=ospf1 name=area1
/interface bridge port
add bridge=sise interface=ether2
# Neighbor discovery is limited to the Discovery list (ether2 only), so it is
# not advertised on the uplink.
/ip neighbor discovery-settings
set discover-interface-list=Discovery
/interface list member
add interface=ether2 list=Discovery
/ip address
add address=192.168.88.1/24 interface=sise network=192.168.88.0
add address=195.90.100.12/29 interface=sfp-sfpplus1 network=195.90.100.8
add address=10.255.7.98 interface=Lo0 network=10.255.7.98
add address=192.168.1.2/24 interface=gre-tunnel1 network=192.168.1.0
/ip cloud
set update-time=no
# IKE peer = SRX xe-2/2/0. The secret is in clear text, is a vendor-name
# dictionary word, and is reused as the OSPF key in this export; rotate it if it
# was ever used outside the lab. modp1024 is the 1024-bit group (group2 on the
# SRX), weak by current guidance. lifetime=30m differs from the SRX's 3600 s,
# and DPD is disabled, so IKE will not notice a dead peer.
/ip ipsec peer
add address=195.90.100.10/32 dh-group=modp1024 dpd-interval=disable-dpd \
    enc-algorithm=aes-128 lifetime=30m nat-traversal=no secret=juniper
# Tunnel-mode policy with loopback-to-loopback selectors, mirroring the SRX
# proxy-identity; only GRE between the loopbacks is encrypted.
/ip ipsec policy
set 0 disabled=yes
add dst-address=10.255.7.97/32 proposal=proposal1 sa-dst-address=\
    195.90.100.10 sa-src-address=195.90.100.12 src-address=10.255.7.98/32 \
    tunnel=yes
# Static routes: remote loopback via Lo0, and the SRX LAN via GRE (distance 1).
/ip route
add distance=1 dst-address=10.255.7.97/32 gateway=Lo0
add distance=1 dst-address=192.168.3.0/24 gateway=gre-tunnel1
# OSPF MD5 key is the same string as the IPsec secret; the key ID is not shown,
# so confirm it is 1 to match "md5 1" on the SRX. network-type=broadcast is set
# here while the SRX sets no interface-type on gr-0/0/0.0 - confirm both ends
# use the same OSPF network type.
/routing ospf interface
add authentication=md5 authentication-key=juniper interface=gre-tunnel1 \
    network-type=broadcast
/routing ospf network
add area=area1 network=192.168.1.0/24
# Debug logging for all topics with no action specified: useful while
# troubleshooting the adjacency, but verbose enough to record negotiation
# detail. Remove the rule afterwards.
/system logging
add topics=debug
/system routerboard settings
set silent-boot=no

 

