SRX

Hi, I've been searching here at J-Net forum but I was enable to find any scenario that looks like mine as I don't have any scope yet defined and I would like to hear some suggestions. Sorry but my hands-on experienced is not too much with those devices. I need to build a tunnel between SRX-1 and SRX-2 (topology attached) both SRX 550, SRX-1 has two different ISP to access the Internet. 1 - Hub-and-Spoke (all solutions that I found show a Hub to different locations my scenario is different) 2 - Route-Based (I never tried to build more than one tunnel to the same destination). 3 - Route-Based with NHTB (could be an option but I still stuck on the above confirmation) Regards,

Hi Fernando,

 

you can just configure two vpn's each with it's own ST0.x interface, so routebased vpn's. Of course you speccify different outgoing interface on the dual isp side en different destinations on the otherside. Dont forget to add st0.x to a zone and allow trafiic in and out with a policy.

 

In the routing table you can decide what to do two routes with different prefenece: (one with qualified next-hop): active passive.  With a stateless filter and load-balance-per-packet action (which in pact is per flow, it's just called per packet) active active.

Hi Screenie, I'll lab it up this scenario. Cheers,