Hello,
wrote: Hi aarseniev,
"2/ should Site A SRX 210 have 2 established IPSec tunnels to both Site B SRX 210 and Site B SSG at all times, and let the OSPF|BGP running inside IPSec tunnels figure out what is the best route from Site A to Your Site B intranet?" This is fine for me.
But since the intranet is the same, I don't want to use both at the same time; I will disconnect srx210 when ssg5 is up.
Then it is not option 2 as I described above, since once You disconnect the Site B SRX 210, the Site A SRX210 - Site B SRX210 tunnel will go down.
And how do You plan to bring Site B SRX 210 back up? Manually? And what happens if Site A SSG is down at that time? Do You have OOB access, such as via dial-up/GSM modems plugged into both SSG and SRX serial ports?
wrote: Hi aarseniev,
I am getting routing issues because the Site B intranet is the same with both the ssg5 and srx210 devices.
This would not be a problem if You make the intranet subnet's BGP advert from Site B SSG through the tunnel more preferred than the same advert from Site B SRX210 through another tunnel.
You can do it on Site A SRX210 easily with a BGP import policy.
HTH
Thx
Alex
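
Added example, not part of the original post: one way the import-policy suggestion above could look in the Junos configuration of the Site A SRX210. The prefix 192.0.2.0/24, the neighbor addresses, the AS number, and the policy, prefix-list and group names are all assumed placeholders; the post gives none of them, nor whether the sessions are eBGP.

```junos
policy-options {
    /* Assumed placeholder for the Site B intranet subnet */
    prefix-list SITE-B-INTRANET {
        192.0.2.0/24;
    }
    policy-statement PREFER-SITE-B-SSG {
        term site-b-intranet {
            from {
                protocol bgp;
                prefix-list SITE-B-INTRANET;
            }
            then {
                /* Default local preference is 100; the higher value wins */
                local-preference 200;
                accept;
            }
        }
        /* Other prefixes fall through to the default BGP import behaviour */
    }
}
protocols {
    bgp {
        group SITE-B {
            type external;
            /* Assumed AS number for Site B */
            peer-as 65002;
            /* Assumed tunnel address of the Site B SSG */
            neighbor 10.255.0.2 {
                description "Site B SSG through its IPsec tunnel";
                import PREFER-SITE-B-SSG;
            }
            /* Assumed tunnel address of the Site B SRX210; no import policy, */
            /* so its advert of the same prefix keeps local preference 100 */
            neighbor 10.255.0.6 {
                description "Site B SRX210 through its IPsec tunnel";
            }
        }
    }
}
```

With both tunnels and both BGP sessions up, `show route 192.0.2.0/24` on the Site A SRX210 should list two BGP paths, with the one learned from the SSG neighbor marked active; if that session drops, the path through the Site B SRX210 takes over without manual changes.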