Hello ,
I have checked in the LAB and found that both VPN tunnels will come UP, but traffic will be passed to the first tunnel that came UP.
Before failover:
root# run show route 5.5.5.5
inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
5.5.5.5/32 *[Static/5] 00:06:58
> via st0.0 <<<<<<<<<<<<<<<
[Static/5] 00:05:18
> via st0.1
Once the first tunnel fails (if the gateway fails), then only the second tunnel takes over:
On failover:
root# run show route 5.5.5.5
inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
5.5.5.5/32 *[Static/5] 00:01:12
> via st0.1
But what I have observed is that once the primary tunnel comes UP, the secondary tunnel will still continue to work:
Once the primary is back UP:
root# run show route 5.5.5.5
inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
5.5.5.5/32 *[Static/5] 00:01:45
> via st0.1 <<<<<<<<<<<<<<
[Static/5] 00:00:10
> via st0.0
So to achieve this goal, we may need to have IP monitoring for gateway route failover. Without this the setup also works, but once the primary is back UP, it will not fall back to the primary tunnel until the route failover is configured.
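The behaviour shown in the three captures above (primary preferred, failover to the backup, and then the backup staying active after the primary returns) is easy to miss unless something checks the routing table. The following is an added example, not code from the post or from Juniper: it parses `show route <prefix>` output in the Junos format shown above, where `*` (or `+`) marks the active route and `> via` names the forwarding next hop, and reports whether the tunnel prefix is on the primary, has failed over, or is stuck on the backup while the primary route is present again. The prefix `5.5.5.5/32`, the choice of `st0.0` as primary, and the three sample outputs are taken from the post; the sample text is reconstructed by hand to match the captures.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed samples, shaped after the three "show route 5.5.5.5" captures in the post.
BEFORE_FAILOVER = """\
inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

5.5.5.5/32         *[Static/5] 00:06:58
                    > via st0.0
                    [Static/5] 00:05:18
                    > via st0.1
"""

ON_FAILOVER = """\
inet.0: 6 destinations, 6 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

5.5.5.5/32         *[Static/5] 00:01:12
                    > via st0.1
"""

PRIMARY_BACK = """\
inet.0: 6 destinations, 7 routes (6 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both

5.5.5.5/32         *[Static/5] 00:01:45
                    > via st0.1
                    [Static/5] 00:00:10
                    > via st0.0
"""

# A route line: optional prefix, optional active marker (* or +), then [Protocol/preference].
ROUTE_RE = re.compile(
    r"^(?P<prefix>\S+/\d+)?\s*(?P<active>[*+-]?)\[(?P<proto>[A-Za-z-]+)/(?P<pref>\d+)\]"
)
# A next-hop line: "> via st0.0" or "> to 10.0.0.1 via ge-0/0/0.0"; ">" marks the selected hop.
VIA_RE = re.compile(r"^\s*>?\s*(?:to\s+\S+\s+)?via\s+(?P<iface>\S+)")


@dataclass
class RouteEntry:
    prefix: str
    active: bool
    protocol: str
    preference: int
    via: Optional[str] = None


def parse_show_route(text: str) -> List[RouteEntry]:
    """Parse Junos 'show route' output into one RouteEntry per route (active or not)."""
    entries: List[RouteEntry] = []
    current_prefix = None
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            if m.group("prefix"):          # prefix is printed only on the first route for it
                current_prefix = m.group("prefix")
            entries.append(RouteEntry(
                prefix=current_prefix,
                active=m.group("active") in ("*", "+"),
                protocol=m.group("proto"),
                preference=int(m.group("pref")),
            ))
            continue
        v = VIA_RE.match(line)
        if v and entries and entries[-1].via is None:
            entries[-1].via = v.group("iface")   # attach next hop to the preceding route
    return entries


def active_next_hop(entries: List[RouteEntry], prefix: str) -> Optional[str]:
    """Interface carrying traffic for prefix, or None if no active route."""
    for e in entries:
        if e.prefix == prefix and e.active:
            return e.via
    return None


def tunnel_state(text: str, prefix: str = "5.5.5.5/32", primary_ifc: str = "st0.0") -> str:
    """Classify the table into primary-active / failover / stuck-on-backup."""
    entries = [e for e in parse_show_route(text) if e.prefix == prefix]
    active = active_next_hop(entries, prefix)
    known_hops = {e.via for e in entries}
    if active == primary_ifc:
        return "primary-active"
    if primary_ifc not in known_hops:
        return "failover"            # primary route withdrawn; backup is carrying traffic
    return "stuck-on-backup"         # primary route is back, but the backup is still preferred


if __name__ == "__main__":
    for name, sample in (("before", BEFORE_FAILOVER), ("failover", ON_FAILOVER), ("primary back", PRIMARY_BACK)):
        print(f"{name:13s} -> {tunnel_state(sample)}")
```

Run against the third capture it reports `stuck-on-backup`, which is exactly the condition the post describes: both static routes at the same preference, so the one that came up first stays active. Feeding the output of a periodic `show route` into this check is a cheap way to alert on that state until route failover (IP monitoring, or distinct preferences on the two next hops) is in place.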