I have an IPsec tunnel between an SRX and an end device using a route-based VPN. I am using eBGP to advertise this end device's IP address to the rest of the network. What I want to achieve is to create a routing policy to export exact static routes to the BGP neighbour; this is now the static route via the tunnel. The problem I am facing is that when the IPsec tunnel is down the st0 interface stays up, therefore the static route stays active and the routes keep on being advertised via BGP. Can anyone explain this behaviour and what a possible solution is?
The tunnel interface is a virtual interface that stays up at all times. You can configure VPN monitor to detect when the VPN is down and bring down the tunnel interface while the VPN is not active. This will then remove the static route from the active table.
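
The VPN monitor setup described in the answer above, together with the static route and exact-match export policy from the question, as an added example that is not part of the original thread. The VPN name, interfaces, addresses, AS number and policy names are hypothetical placeholders.

```junos
# Added example. Assumed names: VPN "to-end-device", tunnel unit st0.0,
# end device 192.0.2.10, eBGP neighbour 198.51.100.2 in AS 65002.

# Global VPN monitor timers: one ICMP probe every 10 seconds,
# tunnel declared down after 3 consecutive unanswered probes.
set security ipsec vpn-monitor-options interval 10
set security ipsec vpn-monitor-options threshold 3

# Enable VPN monitor on the route-based VPN bound to st0.0.
# The probes are ICMP echo requests, so the destination must answer ping
# through the tunnel. While monitoring fails, st0.0 is brought down.
set security ipsec vpn to-end-device bind-interface st0.0
set security ipsec vpn to-end-device vpn-monitor source-interface ge-0/0/0.0
set security ipsec vpn to-end-device vpn-monitor destination-ip 192.0.2.10

# Static route via the tunnel. With st0.0 down the next hop is unusable,
# so the route leaves the active table.
set routing-options static route 192.0.2.10/32 next-hop st0.0

# Export only that exact static prefix to the eBGP neighbour.
# An inactive static route does not match and is withdrawn.
set policy-options policy-statement export-end-device term tunnel-static from protocol static
set policy-options policy-statement export-end-device term tunnel-static from route-filter 192.0.2.10/32 exact
set policy-options policy-statement export-end-device term tunnel-static then accept

set protocols bgp group ebgp-core type external
set protocols bgp group ebgp-core peer-as 65002
set protocols bgp group ebgp-core neighbor 198.51.100.2 export export-end-device
```

To check the result with the tunnel down, `show route 192.0.2.10/32` should no longer list an active static route and `show route advertising-protocol bgp 198.51.100.2` should no longer list the prefix.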