Hi aarseniev ,
"" 2/ should Site A SRX 210 have 2 established IPSec tunnels to both Site B SRX 210 and Site B SSG at all times, and let the OSPF|BGP running inside IPSec tunnels figure out what is the best route from Site A to Your Site B intranet? "" this is fine for me
But since intranet is same i don't want use both at a same time , i will disconnect srx210 when ssg5 is up . when ssg5 is down i manually attach srx210 to intranet switch so that intrantet traffic will go through srx, when every ssg5 ISP comes back again i connect intranet switch to ssg5
It would be happy for me if Site A can establish 2 site -site vpn (already ssg5 vpn is up, need to bringup one more to siteB srx)
1) since already Sita A srx 210 vpn is established with site B ssg5 can i bring one more site-site vpn with site B srx with same intranet
Site A : SRX 210
ge-0/0/0 3.30.02 ( Untrust eg )
ge 0/0/1 192.168.50.0/24 (trust )
st0.1 10.11.11.11/24
Site B: SSG5
untrust : 23..5.4.7
trust : 192.168.2.0/24
tunnel 1 : 10.11.11.12/24
Now i want to bring up site-site vpn with srx with same intranet (Site A Srx configuration same)
I am getting routing issues because Site B intranet is same with both ssg5 and srx210 device .
Site B : SRX 210
trust 192.168.2.0/24
untrus : 26.7.2.1
st0.1