Tuesday, October 15, 2019

Enabling Fortigate BGP over vpn-tunnel to Junos SRX

In this post, we will enable BGP and advertise a network over the route-based tunnel that has assigned addresses.

SRX (st0 interface 192.168.127.1)


set interfaces st0 unit 0 family inet

set interfaces st0 unit 16 family inet address 192.168.127.1/30

FGT (GCM interface 192.168.127.2)


config system interface
    edit "GCM"
        set vdom "root"
        set ip 192.168.127.2 255.255.255.255
        set allowaccess ping
        set type tunnel
        set remote-ip 192.168.127.1 255.255.255.252
        set snmp-index 14
        set interface "wan1"
    next
end
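The post's own BGP configuration is not shown above, so here is an added example (not the configuration from the original post) of one way to bring up the eBGP session across this tunnel on both sides, using the tunnel addresses and the GCM interface already defined. The AS numbers (65001 for the SRX, 65002 for the FortiGate), the prefixes 10.1.0.0/16 and 10.2.0.0/16, the policy names, the zone name "vpn" and the shared key placeholder are all assumptions. The session is bound to the tunnel addresses, authenticated with a shared key, capped with a prefix limit, and each side explicitly controls what it exports and imports instead of advertising everything it knows.

```text
## SRX (Junos). Assumed AS 65001; the export policy advertises only 10.1.0.0/16,
## the import policy accepts only 10.2.0.0/16 from the FortiGate.
set routing-options autonomous-system 65001
set policy-options policy-statement ADVERTISE-TO-FGT term LOCAL-NET from route-filter 10.1.0.0/16 exact
set policy-options policy-statement ADVERTISE-TO-FGT term LOCAL-NET then accept
set policy-options policy-statement ADVERTISE-TO-FGT term DENY-REST then reject
set policy-options policy-statement ACCEPT-FROM-FGT term REMOTE-NET from route-filter 10.2.0.0/16 orlonger
set policy-options policy-statement ACCEPT-FROM-FGT term REMOTE-NET then accept
set policy-options policy-statement ACCEPT-FROM-FGT term DENY-REST then reject
set protocols bgp group FGT type external
set protocols bgp group FGT local-address 192.168.127.1
set protocols bgp group FGT peer-as 65002
set protocols bgp group FGT authentication-key "REPLACE-WITH-SHARED-KEY"
set protocols bgp group FGT family inet unicast prefix-limit maximum 100
set protocols bgp group FGT family inet unicast prefix-limit teardown
set protocols bgp group FGT export ADVERTISE-TO-FGT
set protocols bgp group FGT import ACCEPT-FROM-FGT
set protocols bgp group FGT neighbor 192.168.127.2
## The SRX drops BGP aimed at itself unless the zone holding st0.16 allows it (zone name assumed).
set security zones security-zone vpn interfaces st0.16 host-inbound-traffic protocols bgp
commit check
commit

## FortiGate (FortiOS). Assumed AS 65002; advertises only 10.2.0.0/16 and
## sources the session from the GCM tunnel interface defined above.
config router bgp
    set as 65002
    set router-id 192.168.127.2
    config neighbor
        edit "192.168.127.1"
            set remote-as 65001
            set update-source "GCM"
            set password "REPLACE-WITH-SHARED-KEY"
            set maximum-prefix 100
            set soft-reconfiguration enable
        next
    end
    config network
        edit 1
            set prefix 10.2.0.0 255.255.0.0
        next
    end
end
```

Both sides only advertise a prefix that already exists in their routing table (a connected or static route for 10.1.0.0/16 on the SRX and for 10.2.0.0/16 on the FortiGate), so add those routes first. The prefix limit and the reject-by-default policies are what keep a misconfigured or compromised peer from flooding or hijacking the other side's routing table.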



The configuration is simple, and you can now use the following commands to confirm the peering on each side:


SRX



FGT






Since this is a route-based tunnel interface, you can also run the "diag sniffer packet" command on it to inspect the BGP traffic, e.g.

  diag sniffer packet <tunnel name> "port 179"
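The confirmation commands for the two platforms, plus the sniffer check, collected here as an added example (these are not the screenshots from the original post; the IP addresses and interface names are the ones defined above, and the verbosity level 4 and packet count 10 on the sniffer are arbitrary choices):

```text
## SRX (Junos): session state, then what is actually received from and sent to the FortiGate
show bgp summary
show bgp neighbor 192.168.127.2
show route receive-protocol bgp 192.168.127.2
show route advertising-protocol bgp 192.168.127.2

## FortiGate (FortiOS): the same three views (received-routes needs soft-reconfiguration enabled)
get router info bgp summary
get router info bgp neighbors 192.168.127.1 received-routes
get router info bgp neighbors 192.168.127.1 advertised-routes
get router info routing-table bgp

## FortiGate: BGP (TCP/179) should be visible on the tunnel interface ...
diagnose sniffer packet GCM 'port 179' 4 10
## ... and NOT on the underlay interface, where the session should only appear as ESP.
## Plaintext TCP/179 here means the peering is bypassing the tunnel.
diagnose sniffer packet wan1 'port 179' 4 10
```

The second sniffer line is the check worth keeping as a habit: the whole point of peering over the st0/GCM interfaces is that the BGP session and its UPDATEs stay inside the encrypted tunnel, and a capture on wan1 that matches the port filter is the quickest way to see that they do not.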






In large deployments with many networks, it is better to have BGP advertise the networks you want to send than to install manual static routes.



On Junos you can modify the route advertisements by editing the route-filter terms of the export policy that is applied per peer or per group.




Once the change is applied, FortiOS sees the modified routes; there is no need to reset any BGP peers.




BGP table 

NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o

        /  \

