Configuring Layer 3 VPN Tunnel Interfaces


To configure a Layer 3 VPN as the tunnel end point of a generic routing encapsulation (GRE) tunnel interface, you need to specify which routing table to search on the router, indicated by the destination IP address, so that the appropriate routing table can be searched for the routing prefix, because identical routing prefixes can appear in different routing tables. To configure a Layer 3 VPN as the tunnel end point of a tunnel interface, include the routing-instance statement:

 [edit interfaces  interface-name  unit  unit-number  tunnel { routing-instance {   destination  routing-instance-name  ; } 

You must also configure the GRE tunnel interface at the [edit routing-instance routing-instance-name ] hierarchy level. Otherwise, any prefix mentioned under family inet of that tunnel interface is placed in the default inet routing table.

To configure an encrypted tunnel interface for a Layer 3 VPN, you configure ES tunnel interfaces on the PE and CE routers, and you configure Internet Protocol Security (IPSec) on these routers. To configure these routers as tunnel end points of an ES tunnel interface, configure a tunnel on the ES interface:

 [edit]  interfaces {  interface-name  {     unit  unit-number  {       family mpls;       tunnel {         source  address  ;         destination  address  ;       }     }   } } 

Then associate the ES interface on the appropriate routing instance:

 [edit routing-instances]  routing-instance-name  {   interface  interface-name  ; } 


Juniper Networks Field Guide and Reference
Juniper Networks Field Guide and Reference
ISBN: 0321122445
EAN: 2147483647
Year: 2002
Pages: 185

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net