So I have an SRX345 that has 2 subnets that, for part of the year, are directly connected to the corp SRX, and for the other part of the year they are in a different part of the country, accessible via IPsec VPN.
Does anyone have a good suggestion for a technique to make this work with a minimum of config intervention? Currently, a static route points to the devices directly connected, and when the subnets move offsite, the IPsec tunnel is established and the route is changed. Ideally, I would prefer not having to make all the manual config changes and just have a route update in a more automatic way.
The VPN destinations, while the subnets are onsite, are not available. The only services available are high-latency satellite internet connections in very remote areas, and they are only turned up when the equipment is shipped from corp to the remote sites.
Any suggestions for how to do this in a less manual, more automatic way would be greatly appreciated.
I am open to introducing extra hardware between the corp SRX and the 2 migrating subnets, if that would make things easier. The far end, when brought online, is also an SRX.