SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Dual ISP - First VPN drop causes Second VPN drop

    Posted 04-11-2016 09:18
      |   view attached

    On SRX240, there are two separate ISP each with static IP.  Other end has two different static IPs.  In normal operation there are two separate tunnels up, BGP fills routing table with routes over both VPNs (primary is preferred and active due to prepends).

     

    The problem is that when the primary ISP goes out, the secondary VPN interface (st0.20) also shows as down and of course the routing table becomes completely empty of BGP routes.   Secondary ISP remains active on pp0.0 when primary ISP is down.

     

          ge0/0/0.0 - ISP 1 - Primary VPN st0.0 - - - 5.5.5.5
SRX <                                                     > Dest
      pp0.0 - - - ISP 2 - Secondary VPN st0.20- - 6.6.6.6

    Attachment(s)

    txt
    dualvpn1.txt   8 KB 1 version


  • 2.  RE: Dual ISP - First VPN drop causes Second VPN drop
    Best Answer

     
    Posted 04-12-2016 22:11

    Hello ,

     

    This is because  both the VPN gatways are using ISP 1  by taking the default route :

     

    route 0.0.0.0/0 next-hop 1.1.1.1;

     

    So create  2 routes :

     

    5.5.5.5 next hop ISP1

    6.6.6.6 next hop ISP 2

     

    This will make the secondary ISP/VPN UP even when first ISP is down .