Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Configuring MX Series Router Cloud CPE Services to Route Internet Traffic to a Subscriber-Owned NAT Gateway

This topic describes how to configure a VPN subscriber called acme, with two sites. The subnet for Site 1 is 192.168.1.0/24, and the subnet for Site 2 is 192.168.2.0/24. Site 1, which is connected to PE1, has Internet access. The NAT gateway is located in Site 1 with address 192.168.1.2. A static route is added to the VPN routing instance to send Internet traffic to the NAT gateway. Site 1 has two VLAN interfaces into the PE1 router: one for VPN internal traffic and one for public Internet traffic.

Internet access from Site 2 travels through the NAT gateway in Site 1. The static route configured in the VPN routing instance of Site 1 is propagated to the VPN routing instance at Site 2 through IBGP.

For this configuration you will:

  1. In PE1, configure a bridge domain, the IRB interface, and the VLAN interface for the VPN internal interface.

  2. In PE1, configure a VPN routing instance that includes the IRB interface.

  3. In PE1, configure the second VLAN interface for the public interface for the subscriber.

  4. Optionally, configure a static or dynamic route for Internet access from the Site 1.

  5. In the Layer 2 CPE, configure two VLAN interfaces: one as a VPN internal interface, and one as an Internet public interface.

  6. In PE2, configure the bridge domain, IRB interface, and the VLAN interface.

  7. In PE2, configure the VPN routing instance that includes the IRB interface.

Before you begin, make sure you have completed the steps for the cCPE common configuration. See Configuring the Common Configuration for MX Series Router Cloud CPE Services.

Then complete the following tasks to configure CPE-based dual Ethernet:

  1. Configure the PE1 router. See Configuring MX Series Router Cloud CPE Services on PE1 to Route Internet Traffic to a Subscriber-Owned NAT Gateway.
  2. Configure the PE2 router. See Configuring MX Series Router Cloud CPE NAT Services on the PE2 Router to Route Internet Traffic:
  3. Configure the Layer 2 CPE. See Configuring the Layer 2 CPE at the PE1 Site When Running MX Series Router Cloud CPE Services to Route Internet Traffic to a Subscriber-Owned NAT Gateway.
    Note:

    This procedure uses a Juniper Networks EX Series Ethernet Switch for the Layer 2 CPE.