Move WAN interfaces into routing-instances and keep IPEC and "Ip-ip" interfaces
I have an really old (12.1X47-D20.7) vSRX running at home. Cant upgrade as there is no upgrade path and the licenses are crazy expensive.
Anyways I have since a couple of months a dual ISP setup and both ISPs are running DHCP so the best way for me to run these simultaniously is to place them in their own routing instances. This allows me to leak the routes I want in/out of inet.0. However that broke my IPSEC and IP/GRE tunnels, as well got wierd behavor for self-traffic. I was for example able to ping an external (internet) host withing specifying routing-instance but could not traceroute, or do anything else (telnet/ssh) etc outside.
So I placed my main ISP back into the master table and everything started working again as expected. I think I tried most stuff like specifying a routing-instance on my "st0" and "ip" interfaces, places these interfaces in the same routing-instance as the pysical interface they would use to connect. I've tried to create static routes to the ipsec/ip-ip destination etc but no luck.
I think I have done this before when I only had one ISP (and placed that into a routing instance) but that config is long gone now.
Traffic from my core (EX3300) comes into via OSPF on the inet.0 table and I have not had any issues with my dual ISP setup, I could even do a few static routes with "next-table" on the SRX and I could use both ISPs. I'm sure I could even do round robin if Id wanted The problem is on the SRX itself.
I'm using in-band management. I'm more looking for advice if anyone is running tunnel interfaces from inet.0 where the egress interface is in another routing-instance?
At work we are running a pair of SRX5800's where this works as expected.