Hi Steve,
This seems to be working. Both VPNs come up and look stable. However, in the event of the first VPN going down (by disconnecting the DSL interface on the primary Cisco router), the second VPN does not seem to take over.
Funnily enough, outbound traffic from the Cisco Site seems to be ok. I'm guessing the Juniper is detecting it comes in on VPN2 and thus, any return traffic is sent back that same way.
But any traffic from the MPLS cloud (the Trust side of the firewall) to the Cisco site does not seem to be getting there. I believe it is still trying to send traffic out of the primary VPN, which is of course down. It is showing it as down as well, which is even more frustrating:
FW-PRI(M)-> get sa
total configured sa: 2
HEX ID Gateway Port Algorithm SPI Life:sec kb Sta PID vsys
00005007< 22.22.22.22 500 esp:3des/sha1 55ccfdba 3501 4095M A/D 8 0
00005007> 22.22.22.22 500 esp:3des/sha1 f8c5973c 3501 4095M A/D 7 0
00004007< 11.11.11.11 500 esp:3des/sha1 00000000 expir unlim I/I 8 0
00004007> 11.11.11.11 500 esp:3des/sha1 00000000 expir unlim I/I 7 0
FW-PRI(M)-> get vpn-group id 1
vpn-group id 1:
vpn VPN-PRI weight 10
vpn VPN-SEC weight 1
FW-PRI(M)->
Any help would be much appreciated 🙂