Hi, all,
I have a unique situation I don't have an obvious answer for. We have the need to interconnect with a customer by using MPLS-VPN circuit as the primary and IPsec VPN as backup, say we advertise subnet A and customer advertise subnet B to MPLS VPN provider (via BGP of course), everything is good, now we want to set up an IPsec VPN as a backup, unfortunately cutomer side VPN device (Cisco ASA) only supports "policy based" VPN, so I have to explicity configure traffice-selector in SRX vpn configuration listing subnet A as local-ip and subnet-B as remote-ip on SRX, not a problem ... the problem is SRX automatically injects a static route for subnet-B to routing table and SRX would prefer IPsec VPN to reach the customer, how to get around this dilema?
Thanks,