SRX Services Gateway
Highlighted
SRX Services Gateway

bgp vpn between SRX or ospf vpn

[ Edited ]
‎04-16-2018 04:15 AM

We have site-site to vpn between Site A & Site B , (Site A SRX 210 , Site B SSG5 ) till now everything is perfect but now we added new SRX210 at Site B with another ISP. So now SRX210 at Site A should communicate with another Srx 210 at Site B. I want to use either of SSG5 or SRX based on ISP availability , since Site B intranet is same i am unable to configure / bring up one more vpn with srx. Site A > SRX 210 -------ISP---------- ISP--------Site B < SSG 5 Present scenario Site A > SRX 210 -------ISP---------- ISP--------Site B < SSG 5 (ISP A ) or SRX210 (ISP B) (Only 1 ISP will work but SiteA should welcome / connect SiteB network with active / passive ISP , both ssg5 and srx210 are not interconnected both are individual conneted to different ISP) (Site A n/w 192.168.1.0/24 --------Site B n/w 192.168.5.0 ) My questions are : 1) Can i bring up site - site vpn with bgp ? (so that i can bypass same network , but policy or route based vpn need target subnets in zones so but already this n/w eshtablishe with ssg5) 2) Can i configure at Site A network with dual g/w settings with same configuration on both SSG5 / SRX at Site B so that. ( only 1 ISP (SSG5) will be active all the time , if ISP 1 goes down then i will bringup ISP2 (SRX) connection 3) Site A should discover Site B's Active IP and it should allowe same intranet network on site B

Attachments