Quantcast
Channel: All SRX Services Gateway posts
Viewing all articles
Browse latest Browse all 17645

How to prefer BGP route over IPsec VPN generated static route

$
0
0

Hi, all,

 

I have a unique situation I don't have an obvious answer for. We have the need to interconnect with a customer by using MPLS-VPN circuit as the primary and IPsec VPN as backup, say we advertise subnet A and customer advertise subnet B to MPLS VPN provider (via BGP of course), everything is good, now we want to set up an IPsec VPN as a backup, unfortunately cutomer side VPN device (Cisco ASA) only supports "policy based" VPN, so I have to explicity configure traffice-selector in SRX vpn configuration listing subnet A as local-ip and subnet-B as remote-ip on SRX, not a problem ... the problem is SRX automatically injects a static route for subnet-B to routing table and SRX would prefer IPsec VPN to reach the customer, how to get around this dilema? 

 

Thanks,


Viewing all articles
Browse latest Browse all 17645

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>