I'm working the config in a lab environment before putting this into production.
Scenario: 2 offices, 2 redundant ISPs at each.
Desire: Run 1 VPN primary, 2nd VPN as failover. Use OSPF to watch for VPN down, then switch to failover VPN.
In the lab I have set up two SRX220s. I have used mock public IPs to simulate the actual static IPs from the providers. I have also put an RFC1918 address on each interface to use as the next hop in routing.
SRX #1:
ge-0/0/0 - 71.0.0.2/24 & 192.168.14.2
ge-0/0/1 - 173.0.0.2/24 & 192.168.15.2
SRX #2:
ge-0/0/0 - 72.0.0.2/24 & 192.168.14.1
ge-0/0/1 - 174.0.0.2/24 & 192.168.15.1
Static Routes SRX#1
- reach 72.0.0.0/24 with next-hop 192.168.14.1
- reach 174.0.0.0/24 with next-hop 192.168.15.1
Static Routes SRX#2
- reach 71.0.0.0/24 with next-hop 192.168.14.2
- reach 173.0.0.0/24 with next-hop 192.168.15.2
I created 2 VPN tunnels on each SRX:
- Using ge-0/0/0 -- via st0.1
- Using ge-0/0/1 -- via st0.2
(NOTE: I have tried with, and without, the loopback interface in the OSPF area.)
Both VPNs work. I can pass traffic back and forth. (One side of the VPN is 10.100.0.0/24, the other is 10.100.1.0/24)
If I physically pull the plug from interface ge-0/0/0 (breaking VPN over st0.1) after about 60 seconds traffic will pick up automatically over ge-0/0/1 (st0.2). And vice versa.
PROBLEM: I have not been able to get OSPF working. When I drop to the CLI and issue "show ospf neighbor", the result is empty. When I issue "show ospf interface", both st0.1 and st0.2 appear.
Advice, please, on where I am going wrong.
Configs from both SRX devices are attached as text docs to this post.
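As an added example (not the poster's attached configs, and not taken from Juniper documentation): the set-style Junos lines on SRX #1 that an OSPF adjacency across st0.1 and st0.2 depends on. The st0 unit addresses, the VPN and zone names and the LAN-side interface are assumptions; the st0.1/st0.2 units and the 10.100.0.0/24 LAN are from the post. Two things worth checking first when "show ospf interface" lists the st0 units but "show ospf neighbor" stays empty: the security zone holding the st0 units must permit OSPF as host-inbound traffic (otherwise the hellos are dropped by the flow engine before the routing daemon sees them), and the tunnel interfaces are best declared as point-to-point OSPF links.

```junos
## Added example for SRX #1 (not the poster's config). Assumed values:
## st0 addresses, VPN names VPN-ISP1/VPN-ISP2, zone name "vpn", LAN interface ge-0/0/2.

## Tunnel interfaces: each route-based VPN is bound to its own st0 unit.
## /30 addresses are assumed; SRX #2 would take the other address of each pair.
set interfaces st0 unit 1 family inet address 10.255.0.1/30
set interfaces st0 unit 2 family inet address 10.255.0.5/30
set security ipsec vpn VPN-ISP1 bind-interface st0.1
set security ipsec vpn VPN-ISP2 bind-interface st0.2

## The st0 units live in their own security zone, and that zone must allow OSPF
## as host-inbound traffic. Without this line the adjacency never forms even
## though "show ospf interface" lists both tunnels.
set security zones security-zone vpn interfaces st0.1
set security zones security-zone vpn interfaces st0.2
set security zones security-zone vpn host-inbound-traffic protocols ospf

## OSPF: run each tunnel as a point-to-point link, give st0.2 a worse metric
## so st0.1 stays primary while it is up, and advertise the LAN passively.
set protocols ospf area 0.0.0.0 interface st0.1 interface-type p2p
set protocols ospf area 0.0.0.0 interface st0.1 metric 10
set protocols ospf area 0.0.0.0 interface st0.2 interface-type p2p
set protocols ospf area 0.0.0.0 interface st0.2 metric 20
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0 passive
```

SRX #2 gets the mirror image (its own st0 addresses, its own 10.100.1.0/24 LAN interface as passive, the same zone and OSPF stanza). After committing on both sides, "show ospf neighbor" should list the peer's st0 address on each tunnel, and "show route 10.100.1.0/24" should prefer the st0.1 path until that tunnel drops and OSPF's dead timer expires.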