I also added the ISP2 zone, the ISP2 policies, and updated NAT to [ISP1 ISP2]. Since making these changes, my VPN tunnel is doing some crazy things I do not understand. Here is what I can see:
- The VPN tunnel still comes up and remains stable.
- Changing the static routing from "route 0.0.0.0/0 next-hop xxx.xxx.xxx.1;" to "route 0.0.0.0/0 next-hop [ xxx.xxx.xxx.1 yyy.yyy.yyy.177 ];" keeps the tunnel working. I can send and receive data and everything just looks fine.
- As soon as I reboot the SRX220, the tunnel comes up again; however, no data is transferred and/or received.
- As soon as I change the static routing back to "route 0.0.0.0/0 next-hop xxx.xxx.xxx.1;", the VPN tunnel immediately works again. I can even change it to "route 0.0.0.0/0 next-hop [ xxx.xxx.xxx.1 yyy.yyy.yyy.177 ];" without losing that behavior.
I think I have reached a level where I need some expert help. Does anybody know where my mistake is?
PS: If somebody provides professional hourly support, please send me your contact data (WilfriedPeters@peprivate.com). Unfortunately Juniper does not offer this kind of help any more.