Tag Archives: gre

GRE tunnel configuration in SRX

I will configure GRE (Generic Routing Encapsulation) between two Juniper SRX firewal devices. If you want to learn more about the protocol see RFC2784. I will just demonstrate how two networks can be connected to each other via a tunnel. I will also show how SRX security policy should be configured in order to pass the traffic through. Here is my topology;

srx-gre-tunnel-topology

1) Configure GRE interfaces on both sides

Interface configuration is pretty obvious if you have a look at my topology.
source address is the real interface address facing towards the remote device.
destination address is the real interface address accepting the packets.

Documentation says that gre interface IP address e.g 10.10.10.1 isn’t mandatory i.e unnumbered GRE is possible but what I have seen is that if you leave it unassigned, routes that you forward to this interface as next-hop won’t be installed into the routing table.

Note: According to feedback from blog reader kroozo, setting “family inet” is sufficient for route to be installed.

Continue reading