decapsulate (Firewall Filter)
Syntax
decapsulate { gre { apply-groups; apply-groups-except; forwarding-class; interface-group(0 -255) no-decrement-ttl; routing-instance; sample; } gre-in-udp{ l2tp { apply-groups; apply-groups-except; cookie; forwarding-class; no-decrement-ttl; output-interface; sample; } }
Description
Define the termination action for GRE and L2TP tunnels.
Options
gre
—(Optional) Terminate a
GRE tunnel for the filter conditions that are matched.
l2tp
—(Optional) Terminate an L2TP tunnel for
the filter conditions that are matched.
output-interface interface-name
—(Optional) For L2TP tunnels, enable the packet to be duplicated
and sent towards the customer or the network (based on the MAC address
in the Ethernet payload),
cookie l2tpv3-cookie
—(Optional)
For L2TP tunnels, specify the L2TP cookie for the duplicated packets.
If the tunnel does not contain the receive-cookie configured, packet
injection does not happen. In such a case, any received tunnel packet
is counted and dropped in the same manner in which packets that arrive
with a wrong cookie are counted and dropped.
Required Privilege Level
firewall—To view this statement in the configuration.
firewall-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 7.6.
output-interface
and cookie
options introduced
in Junos OS Release 15.1.
decapsulate gre
introduced in Junos OS Release 15.1F3
and 16.1R2 for PTX5000 routers with third generation FPCs and Junos OS
Release 15.1F6 and 16.1R2 for PTX3000 routers with third-generation
FPCs.
no-decrement-ttl
attribute for the decapsulate
gre
filter action introduced in Junos OS Release 15.1F6
and 16.2R1 for PTX5000 routers with third-generation FPCs.