I have an issue with two default routes on an SSG FW.
HQ has a Juniper SSG550 with E0/1 public IP address 18.104.22.168/24 in the Untrust zone and E0/2 public IP address 22.214.171.124/24 in the Untrust zone.
There are two default routes:
set route 0.0.0.0/0 interface ethernet0/1 gateway 126.96.36.199
set route 0.0.0.0/0 interface ethernet0/2 gateway 188.8.131.52 metric 10
So any traffic from Trust to Untrust (to the Internet) will pass through interface E0/1.
All right, this is a normal action.
Now, our other site has a Juniper SSG20 which has a public address 184.108.40.206/24 on interface E0/0 (set route 0.0.0.0/0 interface ethernet0/0 gateway 220.127.116.11).
We want route-based VPN redundancy between the SSG550 and the SSG20.
When I ping the SSG550 E0/1 address 18.104.22.168 on the SSG20, it's OK!
When I ping the SSG550 E0/2 address 22.214.171.124 on the SSG20, it's OK!!!! Why???
Does the SSG550 receive the ICMP request from E0/2, look up the routing table and return this packet to E0/1?
But after I delete the second default route (unset route 0.0.0.0/0 interface ethernet0/2 gateway 126.96.36.199 metric 10), the ping fails (the SSG20 cannot ping 188.8.131.52).
Can anybody help me?
Can you provide the output from SSG550 of command:
The simplest way to work around this issue is to install two identical routes to the remote gateway out of both providers. This will allow both to respond and set up tunnels to the remote office.
set route 184.108.40.206/32 interface ethernet0/1 gateway 220.127.116.11
set route 18.104.22.168/32 interface ethernet0/2 gateway 22.214.171.124