Quantcast
Channel: All SRX Services Gateway posts
Viewing all articles
Browse latest Browse all 17645

Re: failover or bgp vpn between SRX (Site A) to SRX & SSG5 (at same site with same Internal but different ISP )

$
0
0

Hi aarseniev ,

 

       ""    2/ should Site A SRX 210 have 2 established IPSec tunnels to both Site B SRX 210 and Site B SSG at all times, and let the OSPF|BGP running inside IPSec tunnels figure out what is the best route from Site A to Your Site B intranet? "" this is fine for me

 

But  since intranet is same i don't want  use both at a same time , i will disconnect srx210 when ssg5 is up . when ssg5 is down i manually attach srx210 to intranet switch so that intrantet traffic will go through srx, when every ssg5 ISP comes back again i connect intranet switch to ssg5

 

 

 It would be happy for me if Site A can  establish 2 site -site vpn (already ssg5 vpn is up, need to bringup one more to siteB srx)

 

1) since already Sita A srx 210 vpn is established with site B ssg5  can i bring one more site-site vpn with site B srx with same intranet

 

Site A  :  SRX 210

ge-0/0/0 3.30.02 ( Untrust eg )

ge 0/0/1 192.168.50.0/24 (trust )

st0.1 10.11.11.11/24

 

Site B: SSG5

untrust : 23..5.4.7

trust :  192.168.2.0/24

tunnel 1 : 10.11.11.12/24

                                                   Now i want to bring up site-site vpn with srx with same intranet (Site A Srx configuration same)

         I am getting routing issues because Site B intranet is same  with both ssg5 and srx210 device .

 

 

Site B : SRX 210

trust 192.168.2.0/24

untrus : 26.7.2.1

st0.1


Viewing all articles
Browse latest Browse all 17645

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>