ScreenOS Firewalls (NOT SRX)
Contributor
ITSupport
Posts: 12
Registered: ‎11-10-2009

Route-based VPNs through one tunnel interface

Hi

I have configured multiple VPN tunnels through one tunnel interface. I have also created routes with next-hop entries for the destination network and then completed NHTB on the tunnel interface. But I have two VPNs going to the same destination network with different gateways. The example configuration is as follows:

route 1 = route to 192.168.32.0/24 via tunnel.1 with next hop 1.1.1.1 (public address) preference 20 metric 1

route 2 = route to 192.168.32.0/24 via tunnel.1 with next hop 2.2.2.2 (public address) preference 20 metric 5

route 3 = route to 192.168.32.0/24 via NULL preference 20 metric 15

 

vpn1 is going to 1.1.1.1

vpn2 is going to 2.2.2.2

 

tunnel.1 is bound to vpn1 and vpn2

tunnel.1 has got NHTB entries for both VPNs

As per the above configuration and my understanding, both VPNs will be up as long as both gateways are up. But traffic will travel through route 1 and route 1/2 will stay active. Once 1.1.1.1 is down, route 1 will be inactive and route 2 active. Traffic will travel via route 2.

 

So my query is: will this configuration work as I described above or not? If not, then how is this configuration going to work and how can I fix it?

Cheers!
