Cisco Support Community
New Member

Troubleshooting Juniper-Cisco Layer3 VPN

Hi Folks,

I am trying to simulate Layer3 VPN between Juniper J2320 and Cisco 2611. However, it seems that the Juniper router is not sending VPN routes to the Cisco router. I have verified LDP, BGP and OSPF; they are all operational. The attached document has got the configuration of Juniper and Cisco. Please help me out to fix this. This setup is in my home lab. PLEASE REFER ATTACHED DOCUMENT.

show configuration
## Last commit: 2013-07-12 10:22:37 UTC by root
version 10.0R4.7;
system {
    root-authentication {
        encrypted-password "$1$UaKIM2Vv$cLACzAalf5.QhCdfoqmNZ0"; ## SECRET-DATA
    }
    services {
        ssh;
        telnet;
        web-management {
            http {
                interface ge-0/0/0.0;
            }
        }
    }
    syslog {
        user * {
            any emergency;
        }
        file messages {
            any any;
            authorization info;
        }
        file interactive-commands {
            interactive-commands any;
        }
    }
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
interfaces {
    ge-0/0/0 {
        unit 0;
    }
    fe-0/0/1 {
        unit 0;
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 200.200.200.1/24;
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family inet {
                address 220.225.33.1/24;
            }
            family mpls;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 97.9.15.1/24;
            }
        }
    }
}
routing-options {
    router-id 97.9.15.1;
    autonomous-system 200;
}
protocols {
    mpls {
        interface ge-0/0/2.0;
    }
    bgp {
        group SESSION-ROUTER2600 {
            type internal;
            peer-as 200;
            neighbor 97.9.15.2;
        }
    }
    ospf {
        area 0.0.0.0 {
            interface ge-0/0/2.0;
            interface lo0.0;
        }
    }
    ldp {
        interface ge-0/0/2.0;
    }
}
policy-options {
    policy-statement London_Export {
        term 1 {
            from protocol static;
            then {
                community add London;
                accept;
            }
        }
        term 2 {
            then reject;
        }
    }
    policy-statement London_Import {
        term 1 {
            from {
                protocol bgp;
                community London;
            }
            then accept;
        }
        term 2 {
            then reject;
        }
    }
    community London members target:200:200;
}
security {
    forwarding-options {
        family {
            mpls {
                mode packet-based;
            }
        }
    }
}
routing-instances {
    London {
        instance-type vrf;
        interface ge-0/0/1.0;
        route-distinguisher 200:200;
        vrf-import London_Import;
        vrf-export London_Export;
        vrf-target target:200:200;
        routing-options {
            static {
                route 0.0.0.0/0 next-hop 200.200.200.2;
            }
        }
    }
}

root> show route table bgp.l3vpn.0

error: No routing tables matching specification.

root> show route table inet.3

inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

97.9.15.2/32       *[LDP/9] 07:08:08, metric 1

                   > to 220.225.33.2 via ge-0/0/2.0

root> show route table mpls.0

mpls.0: 5 destinations, 5 routes (5 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

0                 *[MPLS/0] 07:28:07, metric 1

                     Receive

1                 *[MPLS/0] 07:28:07, metric 1

                     Receive

2                 *[MPLS/0] 07:28:07, metric 1

                     Receive

299776             *[LDP/9] 07:08:55, metric 1

                   > to 220.225.33.2 via ge-0/0/2.0, Pop

299776(S=0)       *[LDP/9] 07:08:55, metric 1

                   > to 220.225.33.2 via ge-0/0/2.0, Pop

root> show route table inet.0

inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

97.9.15.0/24       *[Direct/0] 10:06:49

                   > via lo0.0

97.9.15.1/32       *[Local/0] 10:06:49

                      Local via lo0.0

97.9.15.2/32       *[OSPF/10] 10:18:26, metric 2

                   > to 220.225.33.2 via ge-0/0/2.0

220.225.33.0/24   *[Direct/0] 10:19:12

                   > via ge-0/0/2.0

220.225.33.1/32   *[Local/0] 10:42:15

                      Local via ge-0/0/2.0

224.0.0.5/32       *[OSPF/10] 10:42:44, metric 1

                     MultiRecv

root> show route table inet.3

inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

97.9.15.2/32       *[LDP/9] 07:10:21, metric 1

                   > to 220.225.33.2 via ge-0/0/2.0

root>

Cisco 2611 Configuration

show run

Building configuration...

Current configuration : 1830 bytes

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

hostname Hanuman

boot-start-marker

boot-end-marker

enable secret 5 $1$RMZ5$60IY29i1BBont51p.5gPM/

enable password password

no network-clock-participate slot 1

no network-clock-participate wic 0

no aaa new-model

ip subnet-zero

ip cef

no ip domain lookup

ip vrf London

rd 200:200

route-target export 200:200

route-target import 200:200

ip audit po max-events 100

mpls label protocol ldp

tag-switching tdp router-id Loopback0

interface Loopback0

ip address 97.9.15.2 255.255.255.255

interface FastEthernet0/0

ip address 220.225.33.2 255.255.255.0

duplex auto

speed auto

tag-switching ip

no cdp enable

interface FastEthernet0/1

ip vrf forwarding London

ip address 10.255.8.1 255.255.255.0

duplex auto

speed auto

no cdp enable

router ospf 200

router-id 97.9.15.2

log-adjacency-changes

network 97.9.15.0 0.0.0.255 area 0

network 220.225.33.0 0.0.0.255 area 0

router bgp 200

bgp log-neighbor-changes

neighbor 97.9.15.1 remote-as 200

neighbor 97.9.15.1 update-source Loopback0

address-family ipv4

no neighbor 97.9.15.1 activate

no auto-summary

no synchronization

exit-address-family

address-family vpnv4

neighbor 97.9.15.1 activate

neighbor 97.9.15.1 send-community both

exit-address-family

address-family ipv4 vrf London

redistribute static

no auto-summary

no synchronization

exit-address-family

ip classless

ip route vrf London 10.255.8.0 255.255.255.0 10.255.8.2

no ip http server

no ip http secure-server

dialer-list 1 protocol ip permit

dialer-list 1 protocol ipx permit

no cdp run

line con 0

line aux 0

line vty 0 4

exec-timeout 35791 0

password password

login

end

Hanuman#show ver

Cisco Internetwork Operating System Software

IOS (tm) C2600 Software (C2600-ADVENTERPRISEK9-M), Version 12.3(24), RELEASE SOFTWARE (fc4)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by cisco Systems, Inc.

Compiled Thu 18-Oct-07 14:27 by stshen

Image text-base: 0x80008098, data-base: 0x82050B80

ROM: System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1)

Hanuman uptime is 10 hours, 1 minute

System returned to ROM by power-on

System image file is "flash:c2600-adventerprisek9-mz.123-24.bin"

cisco 2611XM (MPC860P) processor (revision 0x301) with 126976K/4096K bytes of memory.

Processor board ID FOC08375E4Q (1102326369)

M860 processor: part number 5, mask 2

Bridging software.

X.25 software, Version 3.0.0.

SuperLAT software (copyright 1990 by Meridian Technology Corp).

TN3270 Emulation software.

2 FastEthernet/IEEE 802.3 interface(s)

32K bytes of non-volatile configuration memory.

32768K bytes of processor board System flash (Read/Write)

Configuration register is 0x2142

Hanuman#sh mpls forwarding-table 97.9.15.1

Local Outgoing   Prefix           Bytes tag Outgoing   Next Hop

tag   tag or VC   or Tunnel Id     switched   interface

16     Pop tag     97.9.15.1/32     0         Fa0/0     220.225.33.1

Hanuman#sh ip bgp vpnv4 vrf London 97.9.15.1

% Network not in table

Accepted Solutions
Cisco Employee

Re: Troubleshooting Juniper-Cisco Layer3 VPN

Hi,

Do you do extended or regular ping? If you do regular ping, the egress interface IP address is used as the source of the ping packets. This would be an issue in your case as only the Cisco side redistributes the PE-CE link.

You either need to do an extended ping using one of the loopback interface IP addresses as the source or redistribute the PE-CE link on the Juniper side as well, as follows:

policy-options {
    policy-statement London_Export {
        term 1 {
            from protocol [ static direct ];
            then {
                community add London;
                accept;
            }
        }
        term 2 {
            then reject;
        }
    }
}

You might also want to configure vrf-table-label under the routing instance London.

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
8 REPLIES
Cisco Employee

Troubleshooting Juniper-Cisco Layer3 VPN

Hi,

The first thing I note is that the family inet-vpn is not configured for the iBGP session on the Juniper side, hence you are getting the following error message:

root> show route table bgp.l3vpn.0

error: No routing tables matching specification.

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
New Member

Troubleshooting Juniper-Cisco Layer3 VPN

Hi Harold,

Here is the configuration of Juniper and Cisco. It seems that VPN routes are not being exchanged between these folks. Please help me out.

root@IBHANAN# run show route table inet.3

inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

97.9.15.2/32       *[LDP/9] 00:01:31, metric 1
                    > to 220.225.33.2 via ge-0/0/2.0


root@IBHANAN# run show route table inet.0

inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

97.9.15.0/24       *[Direct/0] 00:46:28
                    > via lo0.0
97.9.15.1/32       *[Local/0] 00:46:28
                      Local via lo0.0
97.9.15.2/32       *[OSPF/10] 00:19:19, metric 2
                    > to 220.225.33.2 via ge-0/0/2.0
220.225.33.0/24    *[Direct/0] 00:20:05
                    > via ge-0/0/2.0
220.225.33.1/32    *[Local/0] 00:46:00
                      Local via ge-0/0/2.0
224.0.0.5/32       *[OSPF/10] 00:46:29, metric 1
                      MultiRecv

root@IBHANAN> show route table mpls.0

mpls.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

0                  *[MPLS/0] 00:48:15, metric 1
                      Receive
1                  *[MPLS/0] 00:48:15, metric 1
                      Receive
2                  *[MPLS/0] 00:48:15, metric 1
                      Receive
299776             *[LDP/9] 00:20:51, metric 1
                    > to 220.225.33.2 via ge-0/0/2.0, Pop
299776(S=0)        *[LDP/9] 00:20:51, metric 1
                    > to 220.225.33.2 via ge-0/0/2.0, Pop
299792             *[VPN/170] 00:20:41
                    > to 200.200.200.2 via ge-0/0/1.0, Pop

root@IBHANAN> show ldp database
Input label database, 97.9.15.1:0--97.9.15.2:0
  Label     Prefix
     17     97.9.15.0/24
     16     97.9.15.1/32
      3     97.9.15.2/32
      3     220.225.33.0/24

Output label database, 97.9.15.1:0--97.9.15.2:0
  Label     Prefix
      3     97.9.15.1/32
299776     97.9.15.2/32


root@IBHANAN> show ldp neighbor
Address            Interface          Label space ID         Hold time
220.225.33.2       ge-0/0/2.0         97.9.15.2:0              12


---------------------------------------------------------------------------
SHOW RUN
----------------------------------------------------------------------------

root@IBHANAN# run show configuration
## Last commit: 2013-07-15 23:40:27 IST by root
version 10.0R4.7;

interfaces {
    ge-0/0/0 {
        unit 0;
    }
    fe-0/0/1 {
        unit 0;
    }
    ge-0/0/1 {
        unit 0 {
            family inet {
                address 200.200.200.1/24;
            }
        }
    }
    ge-0/0/2 {
        unit 0 {
            family inet {
                address 220.225.33.1/24;
            }
            family mpls;
        }
    }
    lo0 {
        unit 0 {
            family inet {
                address 97.9.15.1/24;
            }
        }
    }
}
routing-options {
    router-id 97.9.15.1;
    autonomous-system 200;
}
protocols {
    mpls {
        interface ge-0/0/2.0;
    }
    bgp {
        group SESSION-ROUTER2600 {
            type internal;
            family inet-vpn {
                unicast;
            }
            peer-as 200;
            neighbor 97.9.15.2;
        }
    }
    ospf {
        area 0.0.0.0 {
            interface ge-0/0/2.0;
            interface lo0.0;
        }
    }
    ldp {
        interface ge-0/0/2.0;
        interface all;
    }
}
policy-options {
    policy-statement London_Export {
        term 1 {
            from protocol static;
            then {
                community add London;
                accept;
            }
        }
        term 2 {
            then reject;
        }
    }
    policy-statement London_Import {
        term 1 {
            from {
                protocol bgp;
                community London;
            }
            then accept;
        }
        term 2 {
            then reject;
        }
    }
    community London members target:200:200;
}
security {
    forwarding-options {
        family {
            mpls {
                mode packet-based;
            }
        }
    }
}
routing-instances {
    London {
        instance-type vrf;
        interface ge-0/0/1.0;
        route-distinguisher 200:200;
        vrf-import London_Import;
        vrf-export London_Export;
        vrf-target target:200:200;
        routing-options {
            static {
                route 100.100.100.1/32 next-hop 200.200.200.2;
            }
        }
    }
}

[edit]
root@IBHANAN#


-------------------------------------------------------------------------
CISCO
-------------------------------------------------------------------------

Hanuman>en
Password:
Hanuman#show run
Building configuration...

Current configuration : 1707 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Hanuman
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$RMZ5$60IY29i1BBont51p.5gPM/
enable password password
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ip domain lookup
ip vrf London
rd 200:200
route-target export 200:200
route-target import 200:200
!
ip audit po max-events 100
mpls label protocol ldp
tag-switching tdp router-id Loopback0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 97.9.15.2 255.255.255.255
!
interface FastEthernet0/0
ip address 220.225.33.2 255.255.255.0
duplex auto
speed auto
tag-switching ip
no cdp enable
!
interface FastEthernet0/1
ip vrf forwarding London
ip address 10.255.8.1 255.255.255.0
shutdown
duplex auto
speed auto
no cdp enable
!
router ospf 200
router-id 97.9.15.2
log-adjacency-changes
network 97.9.15.0 0.0.0.255 area 0
network 220.225.33.0 0.0.0.255 area 0
!
router bgp 200
no synchronization
bgp log-neighbor-changes
neighbor 97.9.15.1 remote-as 200
neighbor 97.9.15.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 97.9.15.1 activate
neighbor 97.9.15.1 send-community both
exit-address-family
!
address-family ipv4 vrf London
redistribute static
no auto-summary
no synchronization
exit-address-family
!
ip classless
!
no ip http server
no ip http secure-server
!
dialer-list 1 protocol ip permit
dialer-list 1 protocol ipx permit
no cdp run
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
exec-timeout 35791 0
password password
login
!
!
end

Hanuman#show mpls forwarding-table ?
  A.B.C.D     Destination prefix
  detail      Detailed information
  interface   Match outgoing interface
  labels      Match label values
  lsp-tunnel  LSP Tunnel id
  next-hop    Match next hop neighbor
  vrf         Show entries for a VPN Routing/Forwarding instance
  |           Output modifiers
 

Hanuman#show mpls forwarding-table vrf London
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop   
tag    tag or VC   or Tunnel Id      switched   interface             
Hanuman#show mpls forwarding-table detail
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop   
tag    tag or VC   or Tunnel Id      switched   interface             
16     Pop tag     97.9.15.1/32      0          Fa0/0      220.225.33.1
MAC/Encaps=14/14, MRU=1504, Tag Stack{}
00239C7DFF82001201AE83008847
No output feature configured
    Per-packet load-sharing
17     Untagged    97.9.15.0/24      0          Fa0/0      220.225.33.1
MAC/Encaps=0/0, MRU=1504, Tag Stack{}
No output feature configured
    Per-packet load-sharing
Hanuman#show mpls ldp ?
  backoff     LDP session setup backoff table
  bindings    Show the LDP Label Information Base (LIB))
  discovery   Display sources for locally generated LDP Discovery Hello PDUs
  neighbor    Display LDP neighbor information
  parameters  Display LDP configuration parameters

Hanuman#show mpls ldp bindings
  tib entry: 97.9.15.0/24, rev 8
local binding:  tag: 17
  tib entry: 97.9.15.1/32, rev 6
local binding:  tag: 16
remote binding: tsr: 97.9.15.1:0, tag: imp-null
  tib entry: 97.9.15.2/32, rev 2
local binding:  tag: imp-null
remote binding: tsr: 97.9.15.1:0, tag: 299776
  tib entry: 220.225.33.0/24, rev 4
local binding:  tag: imp-null
Hanuman#

Cisco Employee

Re: Troubleshooting Juniper-Cisco Layer3 VPN

Hi,

Is the VPNv4 session up between the 2 PEs? Do a "show bgp vpnv4 uni all summ" and "show bgp vpnv4 uni all" on the Cisco side to verify.

You should also add the "redistribute connected" under "address-family ipv4 vrf London" on the Cisco side. And also unshut interface FastEthernet0/1.

One more thing. It is generally recommended to use a /32 prefix on the loopback interface of the PE. You should change the /24 to a /32 on the Juniper side.

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
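The points raised across the replies in this thread (no family inet-vpn on the iBGP group, a VRF export policy that matches only static routes, a /24 loopback, no vrf-table-label) can be checked against a Junos configuration before it is committed. The following is an added example, not code from the thread or from Juniper or Cisco; the function names and finding codes are made up for illustration, the sample is a trimmed copy of the configuration in the first post, and the parser handles only the plain curly-brace syntax shown there.

```python
import re

# Sample input: the Juniper configuration from the first post, trimmed to the
# stanzas the replies comment on.
ORIGINAL = """
interfaces {
    lo0 { unit 0 { family inet { address 97.9.15.1/24; } } }
}
protocols {
    bgp {
        group SESSION-ROUTER2600 { type internal; peer-as 200; neighbor 97.9.15.2; }
    }
}
policy-options {
    policy-statement London_Export {
        term 1 {
            from protocol static;
            then { community add London; accept; }
        }
        term 2 { then reject; }
    }
}
routing-instances {
    London {
        instance-type vrf;
        interface ge-0/0/1.0;
        vrf-export London_Export;
    }
}
"""

# The same configuration with the changes suggested in the replies applied.
FIXED = (ORIGINAL
         .replace("type internal;", "type internal; family inet-vpn { unicast; }")
         .replace("97.9.15.1/24", "97.9.15.1/32")
         .replace("from protocol static;", "from protocol [ static direct ];")
         .replace("instance-type vrf;", "instance-type vrf; vrf-table-label;"))


def parse(text):
    """Parse curly-brace Junos configuration into nested dicts.

    Blocks become dicts keyed by their header; leaf statements map to None.
    """
    text = re.sub(r"##.*", "", text)            # drop '## ...' annotations
    root = {}
    stack = [root]
    for chunk, delim in re.findall(r"([^{};]*)([{};])", text):
        key = " ".join(chunk.split())
        if delim == "{":
            child = stack[-1].get(key) or {}
            stack[-1][key] = child
            stack.append(child)
        elif delim == ";" and key:
            stack[-1][key] = None
        elif delim == "}" and len(stack) > 1:
            stack.pop()
    return root


def dig(node, *path):
    """Follow a path of block headers; return {} if any step is missing."""
    for key in path:
        node = node.get(key) if isinstance(node, dict) else None
    return node if isinstance(node, dict) else {}


def accepted_protocols(policy):
    """Protocols matched by the accepting terms of one policy-statement."""
    protos = set()
    for name, term in policy.items():
        if not name.startswith("term ") or not isinstance(term, dict):
            continue
        if "then accept" not in term and "accept" not in dig(term, "then"):
            continue
        found = set()
        for stmt in list(term) + list(dig(term, "from")):
            m = re.match(r"(?:from )?protocol (.+)", stmt)
            if m:
                found.update(m.group(1).strip("[] ").split())
        protos |= found or {"any"}              # accept with no protocol match
    return protos


def audit(text):
    """Return (code, detail) findings for the issues named in the thread."""
    cfg, findings = parse(text), []
    for name, grp in dig(cfg, "protocols", "bgp").items():
        if name.startswith("group ") and isinstance(grp, dict) and "type internal" in grp:
            if not any(k.startswith("family inet-vpn") for k in grp):
                findings.append(("bgp-no-inet-vpn", name))      # no bgp.l3vpn.0
    for stmt in dig(cfg, "interfaces", "lo0", "unit 0", "family inet"):
        if stmt.startswith("address ") and not stmt.endswith("/32"):
            findings.append(("loopback-not-32", stmt))
    for name, inst in dig(cfg, "routing-instances").items():
        if not isinstance(inst, dict) or "instance-type vrf" not in inst:
            continue
        for stmt in inst:
            if stmt.startswith("vrf-export "):
                pol = stmt.split()[1]
                protos = accepted_protocols(dig(cfg, "policy-options", "policy-statement " + pol))
                if not protos & {"direct", "any"}:              # PE-CE link not exported
                    findings.append(("export-missing-direct", pol))
        if "vrf-table-label" not in inst:                       # advisory only
            findings.append(("no-vrf-table-label", name))
    return findings


if __name__ == "__main__":
    for label, cfg in (("original", ORIGINAL), ("fixed", FIXED)):
        print(label, audit(cfg))
```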
New Member

Re: Troubleshooting Juniper-Cisco Layer3 VPN

Hi,

I have made changes as suggested by you; however, I can ping only one way, from CPE1 (CPE connected to Juniper router) to CPE2 (CPE connected to Cisco router). I cannot ping from CPE2 (CPE connected to Cisco router) to CPE1 (CPE connected to Juniper router). I am pasting the modified configuration along with all the "show" commands on Juniper and Cisco. Please help.

CPE1 Loopback0=194.1.1.1, Loopback1=194.1.2.1

CPE1 Loopback0=192.168.1.1, Loopback1=192.168.2.1

Juniper Router Show Commands

root@IBHANAN> show route table London.inet.0

London.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

10.255.8.0/24     *[BGP/170] 02:31:45, MED 0, localpref 100, from 97.9.15.2

                     AS path: ?

                   > to 220.225.33.2 via ge-0/0/2.0, Push 21

192.168.0.0/16     *[Static/5] 01:31:26

                   > to 200.200.200.2 via ge-0/0/1.0

194.1.1.0/24       *[BGP/170] 02:31:45, MED 0, localpref 100, from 97.9.15.2

                     AS path: ?

                   > to 220.225.33.2 via ge-0/0/2.0, Push 23

194.1.2.0/24       *[BGP/170] 02:31:45, MED 0, localpref 100, from 97.9.15.2

                     AS path: ?

                   > to 220.225.33.2 via ge-0/0/2.0, Push 22

200.200.200.0/24   *[Direct/0] 01:31:26

                   > via ge-0/0/1.0

200.200.200.1/32   *[Local/0] 06:59:29

                     Local via ge-0/0/1.0

root@IBHANAN> show route

inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

97.9.15.0/24       *[Direct/0] 07:01:43

                  > via lo0.0

97.9.15.1/32       *[Local/0] 07:01:43

                     Local via lo0.0

97.9.15.2/32       *[OSPF/10] 06:34:34, metric 2

                   > to 220.225.33.2 via ge-0/0/2.0

220.225.33.0/24   *[Direct/0] 06:35:20

                    > via ge-0/0/2.0

220.225.33.1/32   *[Local/0] 07:01:15

                     Local via ge-0/0/2.0

224.0.0.5/32       *[OSPF/10] 07:01:44, metric 1

                     MultiRecv

inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

97.9.15.2/32       *[LDP/9] 06:34:20, metric 1

                   > to 220.225.33.2 via ge-0/0/2.0

London.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

10.255.8.0/24     *[BGP/170] 02:33:31, MED 0, localpref 100, from 97.9.15.2

                     AS path: ?

                   > to 220.225.33.2 via ge-0/0/2.0, Push 21

192.168.0.0/16     *[Static/5] 01:33:12

                   > to 200.200.200.2 via ge-0/0/1.0

194.1.1.0/24       *[BGP/170] 02:33:31, MED 0, localpref 100, from 97.9.15.2

                     AS path: ?

                   > to 220.225.33.2 via ge-0/0/2.0, Push 23

194.1.2.0/24       *[BGP/170] 02:33:31, MED 0, localpref 100, from 97.9.15.2

                     AS path: ?

                   > to 220.225.33.2 via ge-0/0/2.0, Push 22

200.200.200.0/24   *[Direct/0] 01:33:12

                   > via ge-0/0/1.0

200.200.200.1/32   *[Local/0] 07:01:15

                     Local via ge-0/0/1.0

mpls.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

0                 *[MPLS/0] 07:01:44, metric 1

                     Receive

1                 *[MPLS/0] 07:01:44, metric 1

                      Receive

2                 *[MPLS/0] 07:01:44, metric 1

                     Receive

299776             *[LDP/9] 06:34:20, metric 1

                   > to 220.225.33.2 via ge-0/0/2.0, Pop

299776(S=0)       *[LDP/9] 06:34:20, metric 1

                   > to 220.225.33.2 via ge-0/0/2.0, Pop

299968             *[VPN/170] 01:33:12

                   > to 200.200.200.2 via ge-0/0/1.0, Pop

bgp.l3vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

200:200:10.255.8.0/24

                   *[BGP/170] 02:33:31, MED 0, localpref 100, from 97.9.15.2

                     AS path: ?

                   > to 220.225.33.2 via ge-0/0/2.0, Push 21

200:200:194.1.1.0/24

                   *[BGP/170] 02:33:31, MED 0, localpref 100, from 97.9.15.2

                     AS path: ?

                   > to 220.225.33.2 via ge-0/0/2.0, Push 23

200:200:194.1.2.0/24

                   *[BGP/170] 02:33:31, MED 0, localpref 100, from 97.9.15.2

                    AS path: ?

                   > to 220.225.33.2 via ge-0/0/2.0, Push 22

root@IBHANAN>

root@IBHANAN> show route table bgp.l3vpn.0

bgp.l3vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

200:200:10.255.8.0/24

                   *[BGP/170] 02:35:39, MED 0, localpref 100, from 97.9.15.2

                     AS path: ?

                   > to 220.225.33.2 via ge-0/0/2.0, Push 21

200:200:194.1.1.0/24

                   *[BGP/170] 02:35:39, MED 0, localpref 100, from 97.9.15.2

                     AS path: ?

                   > to 220.225.33.2 via ge-0/0/2.0, Push 23

200:200:194.1.2.0/24

                   *[BGP/170] 02:35:39, MED 0, localpref 100, from 97.9.15.2

                      AS path: ?

                   > to 220.225.33.2 via ge-0/0/2.0, Push 22

root@IBHANAN> show route table mpls protocol vpn

mpls.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

299968             *[VPN/170] 01:36:25

                   > to 200.200.200.2 via ge-0/0/1.0, Pop

root@IBHANAN> show bgp summary

Groups: 1 Peers: 1 Down peers: 0

Table         Tot Paths Act Paths Suppressed   History Damp State   Pending

bgp.l3vpn.0           3          3         0         0         0         0

Peer                     AS     InPkt     OutPkt   OutQ   Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...

97.9.15.2               200       319       359       0       2     2:37:32 Establ

bgp.l3vpn.0: 3/3/3/0

London.inet.0: 3/3/3/0

root@IBHANAN> show bgp neighbor

Peer: 97.9.15.2+64711 AS 200   Local: 97.9.15.1+179 AS 200

Type: Internal   State: Established   Flags:

Last State: OpenConfirm   Last Event: RecvKeepAlive

Last Error: None

Options:

Address families configured: inet-vpn-unicast

Holdtime: 90 Preference: 170

Number of flaps: 2

Last flap event: Closed

Peer ID: 97.9.15.2       Local ID: 97.9.15.1      Active Holdtime: 90

Keepalive Interval: 30         Peer index: 0

BFD: disabled, down

NLRI for restart configured on peer: inet-vpn-unicast

NLRI advertised by peer: inet-unicast inet-vpn-unicast

NLRI for this session: inet-vpn-unicast

Peer supports Refresh capability (2)

Restart time configured on the peer: 120

Stale routes from peer are kept for: 300

Peer does not support Restart capability

Peer does not support 4 byte AS extension

Table bgp.l3vpn.0

   RIB State: BGP restart is complete

   RIB State: VPN restart is complete

   Send state: not advertising

   Active prefixes:             3

   Received prefixes:           3

   Accepted prefixes:           3

   Suppressed due to damping:   0

Table London.inet.0 Bit: 20000

   RIB State: BGP restart is complete

   RIB State: VPN restart is complete

   Send state: in sync

   Active prefixes:             3

   Received prefixes:           3

   Accepted prefixes:           3

   Suppressed due to damping:   0

   Advertised prefixes:         1

Last traffic (seconds): Received 16   Sent 28   Checked 46

Input messages: Total 320   Updates 1       Refreshes 0     Octets 6215

Output messages: Total 360   Updates 5       Refreshes 0     Octets 7122

Output Queue[0]: 0

Output Queue[1]: 0

root@IBHANAN>

root@IBHANAN> show mpls lsp

Ingress LSP: 0 sessions

Total 0 displayed, Up 0, Down 0

Egress LSP: 0 sessions

Total 0 displayed, Up 0, Down 0

Transit LSP: 0 sessions

Total 0 displayed, Up 0, Down 0

root@IBHANAN> show route table inet.0

inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

97.9.15.0/24       *[Direct/0] 07:08:08

                   > via lo0.0

97.9.15.1/32       *[Local/0] 07:08:08

                      Local via lo0.0

97.9.15.2/32       *[OSPF/10] 06:40:59, metric 2

                   > to 220.225.33.2 via ge-0/0/2.0

220.225.33.0/24   *[Direct/0] 06:41:45

                   > via ge-0/0/2.0

220.225.33.1/32   *[Local/0] 07:07:40

                      Local via ge-0/0/2.0

224.0.0.5/32       *[OSPF/10] 07:08:09, metric 1

                     MultiRecv

root@IBHANAN> show ospf interface

Interface           State   Area           DR ID           BDR ID         Nbrs

ge-0/0/2.0         DR    0.0.0.0         97.9.15.1       97.9.15.2         1

lo0.0               DR     0.0.0.0         97.9.15.1       0.0.0.0           0

root@IBHANAN> show ospf neighbor

Address         Interface             State     ID               Pri Dead

220.225.33.2     ge-0/0/2.0             Full     97.9.15.2         1   32

root@IBHANAN> show route

inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

97.9.15.0/24       *[Direct/0] 07:11:38

                    > via lo0.0

97.9.15.1/32       *[Local/0] 07:11:38

                     Local via lo0.0

97.9.15.2/32       *[OSPF/10] 06:44:29, metric 2

                   > to 220.225.33.2 via ge-0/0/2.0

220.225.33.0/24   *[Direct/0] 06:45:15

                  > via ge-0/0/2.0

220.225.33.1/32   *[Local/0] 07:11:10

                     Local via ge-0/0/2.0

224.0.0.5/32       *[OSPF/10] 07:11:39, metric 1

                     MultiRecv

inet.3: 1 destinations, 1 routes (1 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

97.9.15.2/32       *[LDP/9] 06:44:15, metric 1

                   > to 220.225.33.2 via ge-0/0/2.0

London.inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

10.255.8.0/24     *[BGP/170] 02:43:26, MED 0, localpref 100, from 97.9.15.2

                     AS path: ?

                   > to 220.225.33.2 via ge-0/0/2.0, Push 21

192.168.0.0/16     *[Static/5] 01:43:07

                   > to 200.200.200.2 via ge-0/0/1.0

194.1.1.0/24       *[BGP/170] 02:43:26, MED 0, localpref 100, from 97.9.15.2

                     AS path: ?

                   > to 220.225.33.2 via ge-0/0/2.0, Push 23

194.1.2.0/24       *[BGP/170] 02:43:26, MED 0, localpref 100, from 97.9.15.2

                     AS path: ?

                   > to 220.225.33.2 via ge-0/0/2.0, Push 22

200.200.200.0/24   *[Direct/0] 01:43:07

                   > via ge-0/0/1.0

200.200.200.1/32   *[Local/0] 07:11:10

                     Local via ge-0/0/1.0

mpls.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

0                 *[MPLS/0] 07:11:39, metric 1

                     Receive

1                 *[MPLS/0] 07:11:39, metric 1

                     Receive

2                 *[MPLS/0] 07:11:39, metric 1

                     Receive

299776             *[LDP/9] 06:44:15, metric 1

                   > to 220.225.33.2 via ge-0/0/2.0, Pop

299776(S=0)       *[LDP/9] 06:44:15, metric 1

                   > to 220.225.33.2 via ge-0/0/2.0, Pop

299968             *[VPN/170] 01:43:07

                   > to 200.200.200.2 via ge-0/0/1.0, Pop

bgp.l3vpn.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)

+ = Active Route, - = Last Active, * = Both

200:200:10.255.8.0/24

                   *[BGP/170] 02:43:26, MED 0, localpref 100, from 97.9.15.2

                     AS path: ?

                   > to 220.225.33.2 via ge-0/0/2.0, Push 21

200:200:194.1.1.0/24

                  *[BGP/170] 02:43:26, MED 0, localpref 100, from 97.9.15.2

                     AS path: ?

                   > to 220.225.33.2 via ge-0/0/2.0, Push 23

200:200:194.1.2.0/24

                   *[BGP/170] 02:43:26, MED 0, localpref 100, from 97.9.15.2

                      AS path: ?

                   > to 220.225.33.2 via ge-0/0/2.0, Push 22

Router Show Commands For Cisco

Hanuman#sh ip bgp vpnv4 all

BGP table version is 14, local router ID is 97.9.15.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

             r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

   Network         Next Hop           Metric LocPrf Weight Path

Route Distinguisher: 200:200 (default for vrf London)

*> 10.255.8.0/24   0.0.0.0                 0         32768 ?

*>i192.168.0.0/16   97.9.15.1                     100     0 i

*> 194.1.1.0       10.255.8.2               0         32768 ?

*> 194.1.2.0       10.255.8.2               0         32768 ?

Hanuman#show mpls forwarding-table

Local Outgoing   Prefix           Bytes tag Outgoing   Next Hop

tag   tag or VC   or Tunnel Id     switched   interface

16     Pop tag     97.9.15.1/32     0         Fa0/0     220.225.33.1

17     Untagged   97.9.15.0/24     0         Fa0/0     220.225.33.1

21     Aggregate   10.255.8.0/24[V] 40090

22     Untagged   194.1.2.0/24[V]   0         Fa0/1     10.255.8.2

23     Untagged   194.1.1.0/24[V]   36502     Fa0/1     10.255.8.2

Hanuman#show mpls ldp bin

Hanuman#show mpls ldp bindings

tib entry: 97.9.15.0/24, rev 8

       local binding: tag: 17

tib entry: 97.9.15.1/32, rev 6

       local binding: tag: 16

       remote binding: tsr: 97.9.15.1:0, tag: imp-null

tib entry: 97.9.15.2/32, rev 2

       local binding: tag: imp-null

       remote binding: tsr: 97.9.15.1:0, tag: 299776

tib entry: 220.225.33.0/24, rev 4

       local binding: tag: imp-null

Hanuman#show mpls ldp discovery

Local LDP Identifier:

   97.9.15.2:0

   Discovery Sources:

   Interfaces:

       FastEthernet0/0 (ldp): xmit/recv

           LDP Id: 97.9.15.1:0

Hanuman#show ip route vrf London

Routing Table: London

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets

C       10.255.8.0 is directly connected, FastEthernet0/1

S   194.1.2.0/24 [1/0] via 10.255.8.2

S   194.1.1.0/24 [1/0] via 10.255.8.2

B   192.168.0.0/16 [200/0] via 97.9.15.1, 01:47:16

Complete Cisco Config

Hanuman#show run

Hanuman#show running-config

Building configuration...

Current configuration : 1831 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Hanuman

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$RMZ5$60IY29i1BBont51p.5gPM/

enable password password

!

no network-clock-participate slot 1

no network-clock-participate wic 0

no aaa new-model

ip subnet-zero

ip cef

!

!

!

no ip domain lookup

ip vrf London

rd 200:200

route-target export 200:200

route-target import 200:200

!

ip audit po max-events 100

mpls label protocol ldp

tag-switching tdp router-id Loopback0

interface Loopback0

ip address 97.9.15.2 255.255.255.255

!

interface FastEthernet0/0

ip address 220.225.33.2 255.255.255.0

duplex auto

speed auto

tag-switching ip

no cdp enable

!

interface FastEthernet0/1

ip vrf forwarding London

ip address 10.255.8.1 255.255.255.0

duplex auto

speed auto

no cdp enable

!

router ospf 200

router-id 97.9.15.2

log-adjacency-changes

network 97.9.15.0 0.0.0.255 area 0

network 220.225.33.0 0.0.0.255 area 0

!

router bgp 200

no synchronization

bgp log-neighbor-changes

neighbor 97.9.15.1 remote-as 200

neighbor 97.9.15.1 update-source Loopback0

no auto-summary

!

address-family vpnv4

neighbor 97.9.15.1 activate

neighbor 97.9.15.1 send-community both

exit-address-family

!

address-family ipv4 vrf London

redistribute connected

redistribute static

no auto-summary

no synchronization

exit-address-family

!

ip classless

ip route vrf London 194.1.1.0 255.255.255.0 10.255.8.2

ip route vrf London 194.1.2.0 255.255.255.0 10.255.8.2

!

no ip http server

no ip http secure-server

!

dialer-list 1 protocol ip permit

dialer-list 1 protocol ipx permit

no cdp run

line con 0

line aux 0

line vty 0 4

exec-timeout 35791 0

password password

login

!

!

end

Hanuman#

Juniper Router Full Config

root@IBHANAN> show configuration

## Last commit: 2013-07-16 20:30:30 IST by root

version 10.0R4.7;

system {

   host-name IBHANAN;

   domain-name IBHANAN.com;

   time-zone Asia/Calcutta;

   location building "Lake View County Apartments";

   root-authentication {

       encrypted-password "$1$UaKIM2Vv$cLACzAalf5.QhCdfoqmNZ0"; ## SECRET-DATA

   }

   login {

       user ranjeet {

           full-name "RANJEET ASHOK BADHE";

           uid 2007;

           class super-user;

           authentication {

               encrypted-password "$1$tscx4Gf.$XEnMrWOC8kxW6603AAUA2."; ## SECRET-DATA

           }

       }

       user sujata {

           full-name "Sujata Badhe";

           uid 2008;

           class operator;

          authentication {

               encrypted-password "$1$.FRRmZF5$8qybrOXGWClAmG0EOKm9W0"; ## SECRET-DATA

           }

       }

   }

   services {

       ftp;

       ssh;

       telnet;

       web-management {

           http {

              interface ge-0/0/0.0;

           }

       }

   }

   syslog {

       user * {

           any emergency;

       }

       file messages {

           any any;

           authorization info;

       }

       file interactive-commands {

           interactive-commands any;

       }

   }

   license {

       autoupdate {

           url https://ae1.juniper.net/junos/key_retrieval;

       }

   }

}

interfaces {

   ge-0/0/0 {

       unit 0;

   }

   fe-0/0/1 {

       unit 0;

   }

    ge-0/0/1 {

       unit 0 {

           family inet {

               address 200.200.200.1/24;

           }

       }

   }

   ge-0/0/2 {

       unit 0 {

           family inet {

               address 220.225.33.1/24;

           }

           family mpls;

       }

   }

   lo0 {

       unit 0 {

           family inet {

               address 97.9.15.1/24;

           }

       }

   }

}

routing-options {

   router-id 97.9.15.1;

   autonomous-system 200;

}

protocols {

   mpls {

       interface ge-0/0/2.0;

   }

   bgp {

       group SESSION-ROUTER2600 {

           type internal;

           family inet-vpn {

               unicast;

           }

           peer-as 200;

           neighbor 97.9.15.2;

       }

   }

   ospf {

       area 0.0.0.0 {

           interface ge-0/0/2.0;

           interface lo0.0;

       }

   }

   ldp {

       interface ge-0/0/2.0;

       interface all;

   }

}

policy-options {

   policy-statement London_Export {

       term 1 {

           from protocol static;

           then {

               community add London;

               accept;

           }

       }

       term 2 {

           then reject;

       }

   }

   policy-statement London_Import {

       term 1 {

           from {

               protocol bgp;

               community London;

           }

           then accept;

       }

       term 2 {

           then reject;

       }

   }

   community London members target:200:200;

}

security {

   forwarding-options {

       family {

           mpls {

               mode packet-based;

           }

       }

   }

}

routing-instances {

   London {

       instance-type vrf;

       interface ge-0/0/1.0;

       route-distinguisher 200:200;

       vrf-import London_Import;

       vrf-export London_Export;

       vrf-target target:200:200;

       routing-options {

           static {

               route 192.168.0.0/16 next-hop 200.200.200.2;

           }

       }

   }

}

root@IBHANAN>

Cisco Employee

Re: Troubleshooting Juniper-Cisco Layer3 VPN

Hi

Can you provide output from both CPEs:

show ip route

show run <<< NOTE: When sharing configurations always remove passwords even when encrypted.

trace to the destination

!

Can the PE routers ping each other?
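
The advice above about removing passwords before sharing a configuration can be scripted. The following is an added example, not part of the original thread: a Python filter that redacts the secret forms seen in the configurations posted here (Junos "encrypted-password", IOS "enable secret", "enable password" and line-level "password", and credentials embedded in a URL). The function names and the sample configuration are constructed for illustration.

```python
import re

REDACTED = "<removed>"

# (pattern, replacement) pairs. They cover only the secret forms that appear
# in the configurations posted in this thread, not every vendor keyword.
RULES = [
    # Junos: encrypted-password "$1$..."; ## SECRET-DATA
    (re.compile(r'(encrypted-password\s+)"[^"]*"'), r'\1"' + REDACTED + '"'),
    # IOS: enable secret [type] <hash>  (the type digit is kept)
    (re.compile(r'^([ \t]*enable secret(?: \d+)?) \S+', re.M), r'\1 ' + REDACTED),
    # IOS: enable password <value> and "password <value>" under a line
    (re.compile(r'^([ \t]*(?:enable )?password(?: \d+)?) \S+', re.M), r'\1 ' + REDACTED),
    # user:password@ embedded in a URL (for example an archive site)
    (re.compile(r'(\b[a-z][a-z0-9+.-]*://)[^/\s:@"]+:[^/\s@"]+@'), r'\1' + REDACTED + '@'),
]


def sanitize(config):
    """Return (redacted_config, number_of_values_replaced)."""
    total = 0
    for pattern, replacement in RULES:
        config, count = pattern.subn(replacement, config)
        total += count
    return config, total


def has_secrets(config):
    """True if sanitizing would still change the text, i.e. a secret remains."""
    return sanitize(config)[0] != config


# Constructed sample: the structure follows the posted configurations, the
# hashes, user name, password and archive address are made up.
SAMPLE = '''\
system {
    root-authentication {
        encrypted-password "$1$EXAMPLE$constructedHashNotReal"; ## SECRET-DATA
    }
    archival {
        configuration {
            archive-sites {
                "ftp://backupuser:examplepass@192.0.2.10";
            }
        }
    }
    license {
        autoupdate {
            url https://ae1.juniper.net/junos/key_retrieval;
        }
    }
}
no service password-encryption
enable secret 5 $1$EXAMPLE$anotherConstructedHash
enable password examplepass
line vty 0 4
 password examplepass
 login
'''

if __name__ == "__main__":
    cleaned, replaced = sanitize(SAMPLE)
    print(cleaned)
    print(f"{replaced} value(s) redacted; secrets left: {has_secrets(cleaned)}")
```

Run the check on the redacted text before posting; a match means a secret form covered by the rules is still present.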

Cisco Employee

Re: Troubleshooting Juniper-Cisco Layer3 VPN

Hi,

Do you do an extended or a regular ping? If you do a regular ping, the egress interface IP address is used as the source of the ping packets. This would be an issue in your case as only the Cisco side redistributes the PE-CE link.

You either need to do an extended ping using one of the loopback interface IP addresses as the source or redistribute the PE-CE link on the Juniper side as well, as follows:

policy-options {

   policy-statement London_Export {

       term 1 {

           from protocol [ static direct ];

           then {

               community add London;

               accept;

           }

       }

       term 2 {

           then reject;

       }

   }

}

You might also want to configure vrf-table-label under the routing instance London.

Regards

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México
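
The effect of the ping source address described in the reply above, as an added example that is not part of the original thread: a small Python model of the two VRF London tables, built from the prefixes and addresses posted here, that reports which PE lacks a route for a given ping. The function names are hypothetical, and the model assumes a PE learns exactly the remote prefixes whose protocol the remote side exports.

```python
from ipaddress import ip_address, ip_network

# VRF London prefixes local to each PE and the protocol that installed them,
# as shown in the outputs and configurations posted in this thread.
JUNIPER_LOCAL = {"200.200.200.0/24": "direct", "192.168.0.0/16": "static"}
CISCO_LOCAL = {
    "10.255.8.0/24": "connected",
    "194.1.1.0/24": "static",
    "194.1.2.0/24": "static",
}
# The Cisco PE has "redistribute connected" and "redistribute static".
CISCO_EXPORT = {"connected", "static"}


def vrf_table(local, remote, remote_export):
    """Prefixes a PE holds: its own plus those the remote PE exports."""
    prefixes = list(local)
    prefixes += [p for p, proto in remote.items() if proto in remote_export]
    return [ip_network(p) for p in prefixes]


def missing_routes(src, dst, juniper_export):
    """Return the lookups that fail for a ping src -> dst and its reply.

    juniper_export is the set of protocols matched by term 1 of the
    London_Export policy. An empty list means both PEs can forward the
    echo request and the echo reply.
    """
    tables = {
        "Juniper PE": vrf_table(JUNIPER_LOCAL, CISCO_LOCAL, CISCO_EXPORT),
        "Cisco PE": vrf_table(CISCO_LOCAL, JUNIPER_LOCAL, juniper_export),
    }
    problems = []
    for pe, table in tables.items():
        for addr in (dst, src):  # request is routed on dst, reply on src
            if not any(ip_address(addr) in net for net in table):
                problems.append(f"{pe} has no route to {addr}")
    return problems


if __name__ == "__main__":
    cases = [
        ("regular ping, static only", "200.200.200.2", "194.1.1.1", {"static"}),
        ("extended ping from Loopback0", "192.168.1.1", "194.1.1.1", {"static"}),
        ("regular ping, static + direct", "200.200.200.2", "194.1.1.1",
         {"static", "direct"}),
    ]
    for label, src, dst, export in cases:
        print(label, "->", missing_routes(src, dst, export) or "ok")
```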
New Member

Re: Troubleshooting Juniper-Cisco Layer3 VPN

Hi Harold,

Your observations are precise. The configuration perfectly worked as per your suggestions. I thank you for it. I am pasting the final working configuration of all the routers.

Working Juniper PE Configuration

root@IBHANAN> show configuration

## Last commit: 2013-07-17 23:32:18 IST by root

version 10.0R4.7;

system {

   host-name IBHANAN;

   domain-name IBHANAN.com;

   time-zone Asia/Calcutta;

   location building "Lake View County Apartments";

   root-authentication {

       encrypted-password "$1$UaKIM2Vv$cLACzAalf5.QhCdfoqmNZ0"; ## SECRET-DATA

   }

   login {

       user ranjeet {

           full-name "RANJEET ASHOK BADHE";

           uid 2007;

          class super-user;

           authentication {

               encrypted-password "$1$tscx4Gf.$XEnMrWOC8kxW6603AAUA2."; ## SECRET-DATA

           }

       }

       user sujata {

           full-name "Sujata Badhe";

           uid 2008;

            class operator;

           authentication {

               encrypted-password "$1$.FRRmZF5$8qybrOXGWClAmG0EOKm9W0"; ## SECRET-DATA

           }

       }

   }

   services {

       ftp;

       ssh;

       telnet;

       web-management {

           http {

               interface ge-0/0/0.0;

           }

       }

   }

   syslog {

       user * {

           any emergency;

       }

       file messages {

           any any;

           authorization info;

       }

       file interactive-commands {

           interactive-commands any;

       }

   }

   archival {

       configuration {

           transfer-on-commit;

           archive-sites {

               "ftp://sujata:password@195.195.195.195";

           }

       }

   }

   license {

       autoupdate {

           url https://ae1.juniper.net/junos/key_retrieval;

       }

   }

}

interfaces {

   ge-0/0/0 {

       unit 0;

   }

   fe-0/0/1 {

       unit 0;

   }

   ge-0/0/1 {

       unit 0 {

           family inet {

               address 200.200.200.1/24;

           }

       }

   }

   ge-0/0/2 {

       unit 0 {

           family inet {

               address 220.225.33.1/24;

           }

           family mpls;

       }

   }

   ge-0/0/3 {

       unit 0 {

           family inet {

               address 195.195.195.194/24;

           }

       }

   }

   lo0 {

       unit 0 {

           family inet {

               address 97.9.15.1/24;

           }

       }

   }

}

routing-options {

   router-id 97.9.15.1;

   autonomous-system 200;

}

protocols {

   mpls {

       interface ge-0/0/2.0;

   }

   bgp {

       group SESSION-ROUTER2600 {

           type internal;

           family inet-vpn {

               unicast;

           }

           peer-as 200;

           neighbor 97.9.15.2;

       }

   }

   ospf {

       area 0.0.0.0 {

           interface ge-0/0/2.0;

           interface lo0.0;

       }

   }

   ldp {

       interface ge-0/0/2.0;

       interface all;

   }

}

policy-options {

   policy-statement London_Export {

       term 1 {

           from protocol [ static direct ];

           then {

               community add London;

               accept;

           }

       }

       term 2 {

           then reject;

       }

   }

   policy-statement London_Import {

       term 1 {

           from {

               protocol bgp;

               community London;

           }

           then accept;

       }

       term 2 {

           then reject;

       }

   }

   community London members target:200:200;

}

security {

   forwarding-options {

       family {

           mpls {

               mode packet-based;

           }

       }

   }

}

routing-instances {

   London {

       instance-type vrf;

       interface ge-0/0/1.0;

       route-distinguisher 200:200;

       vrf-import London_Import;

       vrf-export London_Export;

       vrf-target target:200:200;

       vrf-table-label;

       routing-options {

           static {

               route 192.168.0.0/16 next-hop 200.200.200.2;

           }

       }

   }

}

CPE Attached to Juniper PE Configuration

R1#show run

Building configuration...

Current configuration : 1910 bytes

!

upgrade fpd auto

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

!

no aaa new-model

ip source-route

no ip icmp rate-limit unreachable

ip cef

!

!

!

!

no ip domain lookup

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

archive

log config

hidekeys

!

!

!

!

!

ip tcp synwait-time 5

!

!

!

!

interface Loopback0

ip address 192.168.1.1 255.255.255.0

!

interface Loopback1

ip address 192.168.2.1 255.255.255.0

!

interface FastEthernet0/0

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface Ethernet1/0

ip address 200.200.200.2 255.255.255.0

duplex half

!

interface Ethernet1/1

no ip address

shutdown

duplex half

!

interface Ethernet1/2

no ip address

shutdown

duplex half

!

interface Ethernet1/3

no ip address

shutdown

duplex half

!

interface Ethernet2/0

no ip address

shutdown

duplex half

!

interface Ethernet2/1

no ip address

shutdown

duplex half

!

interface Ethernet2/2

no ip address

shutdown

duplex half

!

interface Ethernet2/3

no ip address

shutdown

duplex half

!

interface Ethernet2/4

no ip address

shutdown

duplex half

!

interface Ethernet2/5

no ip address

shutdown

duplex half

!

interface Ethernet2/6

no ip address

shutdown

duplex half

!

interface Ethernet2/7

no ip address

shutdown

duplex half

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 200.200.200.1

no ip http server

no ip http secure-server

logging alarm informational

control-plane

gatekeeper

shutdown

!

!

line con 0

exec-timeout 0 0

privilege level 15

logging synchronous

stopbits 1

line aux 0

exec-timeout 0 0

privilege level 15

logging synchronous

stopbits 1

line vty 0 4

login

!

end

Working Cisco PE Configuration

show run

Building configuration...

Current configuration : 1831 bytes

!

version 12.3

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Hanuman

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$RMZ5$60IY29i1BBont51p.5gPM/

enable password password

!

no network-clock-participate slot 1

no network-clock-participate wic 0

no aaa new-model

ip subnet-zero

ip cef

!

!

!

no ip domain lookup

ip vrf London

rd 200:200

route-target export 200:200

route-target import 200:200

!

ip audit po max-events 100

mpls label protocol ldp

tag-switching tdp router-id Loopback0

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

!

interface Loopback0

ip address 97.9.15.2 255.255.255.255

!

interface FastEthernet0/0

ip address 220.225.33.2 255.255.255.0

duplex auto

speed auto

tag-switching ip

no cdp enable

!

interface FastEthernet0/1

ip vrf forwarding London

ip address 10.255.8.1 255.255.255.0

duplex auto

speed auto

no cdp enable

!

router ospf 200

router-id 97.9.15.2

log-adjacency-changes

network 97.9.15.0 0.0.0.255 area 0

network 220.225.33.0 0.0.0.255 area 0

!

router bgp 200

no synchronization

bgp log-neighbor-changes

neighbor 97.9.15.1 remote-as 200

neighbor 97.9.15.1 update-source Loopback0

no auto-summary

!

address-family vpnv4

neighbor 97.9.15.1 activate

neighbor 97.9.15.1 send-community both

exit-address-family

!

address-family ipv4 vrf London

redistribute connected

redistribute static

no auto-summary

no synchronization

exit-address-family

!

ip classless

ip route vrf London 194.1.1.0 255.255.255.0 10.255.8.2

ip route vrf London 194.1.2.0 255.255.255.0 10.255.8.2

!

no ip http server

no ip http secure-server

!

dialer-list 1 protocol ip permit

dialer-list 1 protocol ipx permit

no cdp run

!

!

!

!

!

!

!

!

!

line con 0

line aux 0

line vty 0 4

exec-timeout 35791 0

password password

login

!

!

end

Hanuman#

CPE attached to Cisco PE Configuration

R1#show conf

Using 1372 out of 129016 bytes

!

upgrade fpd auto

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R1

!

boot-start-marker

boot-end-marker

!

logging message-counter syslog

!

no aaa new-model

ip source-route

ip cef

!

!

!

!

no ipv6 cef

multilink bundle-name authenticated

!

!

voice dsp waitstate 0

!

!

!

!

!

!

!

!

!

!

!

!

!

memory-size iomem 0

archive

log config

hidekeys

!

!

!

!

!

!

interface Loopback0

ip address 194.1.1.1 255.255.255.0

!

interface Loopback1

ip address 194.1.2.1 255.255.255.0

!

interface FastEthernet0/0

no ip address

shutdown

duplex auto

speed auto

!

interface FastEthernet0/1

no ip address

shutdown

duplex auto

speed auto

!

interface Ethernet1/0

ip address 10.255.8.2 255.255.255.0

duplex half

!

interface Ethernet1/1

no ip address

shutdown

duplex half

!

interface Ethernet1/2

no ip address

shutdown

duplex half

!

interface Ethernet1/3

no ip address

shutdown

duplex half

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 10.255.8.1

no ip http server

no ip http secure-server

!

!

!

logging alarm informational

!

!

!

!

control-plane

!

!

!

mgcp fax t38 ecm

!

!

!

!

gatekeeper

shutdown

!

!

line con 0

stopbits 1

line aux 0

stopbits 1

line vty 0 4

login

!

end

R1#

Cisco Employee

Re: Troubleshooting Juniper-Cisco Layer3 VPN

Hi,

I am glad it helped.

Have a great day

Harold Ritter
Sr. Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México