SRX

 View Only
last person joined: 17 hours ago 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  WAN Link primary and Internet VPN as a Backup

    Posted 02-20-2019 09:09

    Hi

     

    I have two links between two branches (WAN and Internet), and the target is to have the WAN Link primary and the VPN over the internet link as a Backup.

    I configured the route preference over WAN link prefered than the route preference over the VPN st0.

    And configured RPM to prefer the st0 route if the WAN link goes down.

     

    But I can always see the routes always prefer the st0, although its not the prefered route...

     

    Any ideas...

     

    Thanks 



  • 2.  RE: WAN Link primary and Internet VPN as a Backup

    Posted 02-20-2019 17:16

    Start with seeing what the live route table is showing for the route prefix in question.

    show route x.x.x.x/x

     

    Are both routes you configured showing

    which is indicated as active with the *

    And what protocol are the routes involved, static, ospf, bgp?

     

    We also need to consider the topology.

    Is the WAN a separate routed link connection or is that next hop in the same subnet as the source traffic.

     

     



  • 3.  RE: WAN Link primary and Internet VPN as a Backup

    Posted 02-21-2019 04:37

    HI

     

    I am using static routes, the second link is separate link not related to the primary one.

    And I can see both routes in the routing table with * for the st0 route.

    Although I configured different prefences for both routes

     

    set routing-options static route 172.16.0.0/16 qualified-next-hop 10.10.50.1 preference 5
    set routing-options static route 172.16.0.0/16 qualified-next-hop st0.2 preference 10

     

    Whenever the VPN is up, the st0 route is selected and with preference 5 "although I configured it as preference 10"

    Only when I deactivate the VPN the route become routed over 10.10.50.1



  • 4.  RE: WAN Link primary and Internet VPN as a Backup

    Posted 02-21-2019 05:35

    Do you have traffic selector configured on the VPN for 172.16.0.0/16 network? 

     



  • 5.  RE: WAN Link primary and Internet VPN as a Backup

    Posted 02-21-2019 06:28

    Hi

     

    Yes I have traffic-selector, and changed it to proxy-id and its working now.

    seems using the traffic selector installs a permenant route in the routing table...

     

    Thanks 



  • 6.  RE: WAN Link primary and Internet VPN as a Backup
    Best Answer

    Posted 02-21-2019 06:42
    Yes, when you use traffic selector, a static route will be installed automatically for the subnet mentioned in remote ip as soon as vpn comes up. It is an expected behavior.



  • 7.  RE: WAN Link primary and Internet VPN as a Backup

    Posted 06-11-2021 23:49
    Edited by Calvinkw 06-11-2021 23:54
    just wondering if you use TS and also add a static route with preference, will the manually added static route with preference be installed in the route table instead of of the ARI by TS ?

    calvin