I have 2 ADSL services (for resilience) at a remote site, let's call them 'primary ADSL' and 'backup ADSL'.
We have a Hub-Spoke VPN architecture and run OSPF.
I wish for the primary ADSL to be used for internet traffic, unless it goes down, and then the backup should be used. I assume I'd just configure qualified-next-hop for this.
The same goes for the VPN tunnels back to the Hub site. I'd want the tunnel over the primary ADSL to take priority, and the tunnel over the backup ADSL connection to be on standby, so to speak. I presume this means configuring 2 separate tunnels back to the Hub and then setting a higher metric in OSPF for the backup VPN?
Does this seem sensible? It's different to how the current ScreenOS device is configured, but that seems to handle VPN differently, hence the question.
I believe one of the below KBs will help you. Let me know if you are looking for something additional.
https://kb.juniper.net/KB29211 - [SRX] Example - Configuring site to site VPN redundancy with multiple addresses in the gateway
https://kb.juniper.net/KB29227 - [J/SRX] Example – Configuring a primary and backup VPN with route failover using ip-monitoring
Can I just adapt the instructions in the second article for 2 ISPs at the Remote site and 1 ISP at the Hub location or is it not that simple?
In case anyone is interested, I set up as stated in my original question, and it worked as I'd hoped.
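
The design from the original question, sketched as Junos set commands. This is an added example, not configuration posted by anyone in the thread. Interface units, addresses and metric values are constructed placeholders, and the two IPsec tunnels are assumed to be already built and bound to st0.0 (over the primary ADSL) and st0.1 (over the backup ADSL).

```junos
# --- Spoke (remote site) ---
# Internet traffic: default route via the primary ADSL gateway (placeholder
# 192.0.2.1). The qualified-next-hop via the backup ADSL gateway (placeholder
# 198.51.100.1) has a higher preference value than the static default of 5,
# so it is only installed when the primary next hop becomes unusable.
set routing-options static route 0.0.0.0/0 next-hop 192.0.2.1
set routing-options static route 0.0.0.0/0 qualified-next-hop 198.51.100.1 preference 10

# VPN traffic: run OSPF on both tunnel interfaces. The lower metric on st0.0
# makes the tunnel over the primary ADSL the preferred path to the hub.
set protocols ospf area 0.0.0.0 interface st0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface st0.0 metric 10
set protocols ospf area 0.0.0.0 interface st0.1 interface-type p2p
set protocols ospf area 0.0.0.0 interface st0.1 metric 100

# --- Hub ---
# OSPF cost is applied on the outgoing interface, so the hub needs matching
# metrics on its own two tunnel interfaces towards this spoke (assumed here
# to be st0.10 and st0.11). Without them, return traffic can take the backup
# tunnel while outbound traffic takes the primary.
set protocols ospf area 0.0.0.0 interface st0.10 interface-type p2p
set protocols ospf area 0.0.0.0 interface st0.10 metric 10
set protocols ospf area 0.0.0.0 interface st0.11 interface-type p2p
set protocols ospf area 0.0.0.0 interface st0.11 metric 100
```

After a failover test, `show route 0.0.0.0/0` and `show ospf neighbor` on the spoke show which default route is active and whether both tunnel adjacencies are up.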