Hello All,
I have an SRX240 (version 12.3X48-D40.5) in cluster mode. I have 2 ISP links, one terminated on each node (active/backup). An IPsec VPN tunnel is configured on each ISP for remote access, so in total I have 2 VPN tunnels with interfaces st0.2 and st0.3. I have a LAN subnet (10.xx/23) where the users access both the Internet and remote-site applications. I have configured the IPsec tunnels with the traffic-selector option.
When I check the routing table for my remote access, I can see two routes, one from each tunnel (st0.2/st0.3), where st0.3 is primary and st0.2 is backup.
I see both routes in the routing table for remote access:
<remote subnet> *[Static/5] 1d 04:13:52
> via st0.3
[Static/5] 1d 04:13:34
> via st0.2
The issue is: when ISP2 fails (the VPN tunnel mapped to st0.3 goes down), st0.2 should become active for remote traffic. But what happened is that when st0.3 went down, the st0.2 route changed to st0.3 and was added to the routing table; I can see only 1 route in the table, but it points to st0.3 (not sure why it changed from st0.2 to st0.3, as it was showing correctly before the ISP failure).
After ISP2 failed:
<remote subnet> *[Static/5] 1d 04:13:52
> via st0.3
To resolve this, I need to execute "restart ipsec-key-management", after which the proper route is added to the routing table and it starts working. Once the ISP is restored, I can see both routes correctly in the routing table.
Can anyone help me with this? Is there anything I need to configure to resolve this?
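The layout the post describes (two route-based IPsec VPNs carrying the same traffic selector, bound to st0.2 and st0.3), as an added reference example that is not part of the original post. Gateway and policy names, peer addresses, the reth uplink interfaces, the 10.0.0.0/23 LAN and the 192.0.2.0/24 remote subnet are placeholders I assumed; zones and security policies are omitted. It reproduces the setup so the auto-inserted routes can be compared against the output above, and does not claim to change the failover behaviour described.

```junos
## st0 units from the post: st0.2 (ISP1 tunnel) and st0.3 (ISP2 tunnel)
set interfaces st0 unit 2 family inet
set interfaces st0 unit 3 family inet

## IKE: one gateway per ISP uplink (names, peers, reth interfaces are placeholders)
set security ike proposal IKE-PROP authentication-method pre-shared-keys
set security ike proposal IKE-PROP dh-group group14
set security ike proposal IKE-PROP authentication-algorithm sha-256
set security ike proposal IKE-PROP encryption-algorithm aes-256-cbc
set security ike policy IKE-POL mode main
set security ike policy IKE-POL proposals IKE-PROP
set security ike policy IKE-POL pre-shared-key ascii-text "<placeholder-psk>"
set security ike gateway GW-ISP1 ike-policy IKE-POL
set security ike gateway GW-ISP1 address 203.0.113.10
set security ike gateway GW-ISP1 external-interface reth1.0
set security ike gateway GW-ISP1 dead-peer-detection always-send
set security ike gateway GW-ISP2 ike-policy IKE-POL
set security ike gateway GW-ISP2 address 198.51.100.10
set security ike gateway GW-ISP2 external-interface reth2.0
set security ike gateway GW-ISP2 dead-peer-detection always-send

## IPsec: each VPN bound to its own st0 unit, identical traffic selector on both,
## so each tunnel auto-inserts a Static/5 route for 192.0.2.0/24 via its st0 unit
set security ipsec proposal IPSEC-PROP protocol esp
set security ipsec proposal IPSEC-PROP authentication-algorithm hmac-sha-256-128
set security ipsec proposal IPSEC-PROP encryption-algorithm aes-256-cbc
set security ipsec policy IPSEC-POL perfect-forward-secrecy keys group14
set security ipsec policy IPSEC-POL proposals IPSEC-PROP
set security ipsec vpn VPN-ISP1 bind-interface st0.2
set security ipsec vpn VPN-ISP1 ike gateway GW-ISP1
set security ipsec vpn VPN-ISP1 ike ipsec-policy IPSEC-POL
set security ipsec vpn VPN-ISP1 traffic-selector TS-LAN local-ip 10.0.0.0/23
set security ipsec vpn VPN-ISP1 traffic-selector TS-LAN remote-ip 192.0.2.0/24
set security ipsec vpn VPN-ISP1 establish-tunnels immediately
set security ipsec vpn VPN-ISP2 bind-interface st0.3
set security ipsec vpn VPN-ISP2 ike gateway GW-ISP2
set security ipsec vpn VPN-ISP2 ike ipsec-policy IPSEC-POL
set security ipsec vpn VPN-ISP2 traffic-selector TS-LAN local-ip 10.0.0.0/23
set security ipsec vpn VPN-ISP2 traffic-selector TS-LAN remote-ip 192.0.2.0/24
set security ipsec vpn VPN-ISP2 establish-tunnels immediately

## Operational checks to capture before and after an ISP failure:
##   show route 192.0.2.0/24            (expect one Static/5 entry per live tunnel)
##   show security ike security-associations
##   show security ipsec security-associations
```

Capturing the three show commands before the failure, right after it, and after the key-management restart gives a side-by-side record of which SA and which st0 route disappeared, which is the evidence to attach when raising this with support.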