Wednesday, June 6, 2018

Junos - IPSec VPN over LTE interface routing issues...

Hi Guys,

Bit of a weird one that I can't seem to bottom, was wondering if anybody could throw any light on it.

We have a Juniper SRX with an LTE PIM installed for cellular connectivity to the internet. We want to create an IPsec VPN back to our HQ over this transport.

We have an all 0's route pointed down the st0 interface and a /32 host route pointed down the dl0 interface that connects to the internet (we cannot route to next hop as the dialler interface is DHCP and this could change - VPN is set to aggressive mode to mitigate this for the IPsec VPN side of things).

The weird thing is that the /32 host route to the head office public VPN address gets withdrawn from the routing table as soon as the all 0's default route gets installed - resulting in the IPsec tunnel being established and then ageing out, until the all 0's route gets withdrawn and the /32 route gets installed again - then this cycle starts again and again.

I have always routed to next hops as opposed to exit interfaces for VPNs, so I believe this may be part of the issue, as I have never run into anything like this before.

Does anyone have any ideas?

Thanks


