SRX Services Gateway
Highlighted
SRX Services Gateway

How i can configure full mesh VPN with dual ISP

[ Edited ]
‎01-12-2015 04:24 AM

Hello!

I have a two SRX210
both branches have 2 ISP. I wanna 4 GRE tunnels, for obtain full mesh topology.
#1 BRANCH01_ISP1->BRANCH02_ISP1
#2 BRANCH01_ISP1->BRANCH02_ISP2
#3 BRANCH01_ISP2->BRANCH02_ISP1
#4 BRANCH01_ISP2->BRANCH02_ISP2

result - tunnel #1 is work, other tunnels not work. I think it's happend because all traffic goes through default route. How i can fix this?

3 REPLIES 3
Highlighted
SRX Services Gateway
Solution
Accepted by topic author HunterXXI
‎08-26-2015 01:27 AM

Re: How i can configure full mesh VPN with dual ISP

‎01-13-2015 05:04 AM

You need to put each ISP into their own routing-instance on the SRX.  These are virtual routers that allow an independent routing table so they all can have their own default route.

 

You then leak the routes you do need to share between the two routing instances.

Steve Puluka BSEET - Juniper Ambassador
IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
http://puluka.com/home
Highlighted
SRX Services Gateway

Re: How i can configure full mesh VPN with dual ISP

‎01-14-2015 06:28 AM

Hello!

 

Thanks for your reply. I will try do this.

SRX Services Gateway

Re: How i can configure full mesh VPN with dual ISP

‎01-16-2015 02:19 AM

it's really work. but need full reconfiguring dst and src NAT, secure zones and policies. not easy way 🙂 

Feedback