SRX

2 VPNs to Hub Site - how to implement

  • 1.  2 VPNs to Hub Site - how to implement

     
    Posted 09-11-2018 03:39

    I have 2 ADSL services (for resilience) at a remote site, let's call them 'primary ADSL' and 'backup ADSL'.

     

    We have a Hub-Spoke VPN architecture and run OSPF. 

     

    I wish for the primary ADSL to be used for internet traffic, unless it goes down, and then the backup should be used. I assume I'd just configure qualified-next-hop for this.

     

    The same goes for the VPN tunnels back to the Hub site. I'd want the tunnel over the primary ADSL to take priority, and the tunnel over the backup ADSL connection to be on standby, so to speak. I presume this means configuring 2 separate tunnels back to the Hub and then setting a higher metric in OSPF for the backup VPN?

     

    Does this seem sensible? It's different to how the current ScreenOS device is configured, but that seems to handle VPN differently, hence the question.



  • 2.  RE: 2 VPNs to Hub Site - how to implement

     
    Posted 09-11-2018 22:42

    I believe one of the below KBs will help you. Let me know if you are looking for something additional.

     

    https://kb.juniper.net/KB29211  - [SRX] Example - Configuring site to site VPN redundancy with multiple addresses in the gateway 

     

    https://kb.juniper.net/KB29227 - [J/SRX] Example – Configuring a primary and backup VPN with route failover using ip-monitoring 

     



  • 3.  RE: 2 VPNs to Hub Site - how to implement

     
    Posted 09-12-2018 06:15

    Can I just adapt the instructions in the second article for 2 ISPs at the Remote site and 1 ISP at the Hub location or is it not that simple?



  • 4.  RE: 2 VPNs to Hub Site - how to implement
    Best Answer

     
    Posted 10-09-2018 07:34

    In case anyone is interested, I set up as stated in my original question, and it worked as I'd hoped.
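
The routing side of the setup described in the original question, as an added example that is not from any poster in this thread: a default route with a qualified-next-hop for internet failover, and two route-based tunnels ranked by OSPF metric. Interface names, addresses and the zone name are constructed, and the IKE/IPsec gateway and VPN statements that bind each tunnel to its ADSL link are omitted.

```junos
# Constructed values: 192.0.2.1 = primary ADSL gateway,
# 198.51.100.1 = backup ADSL gateway, zone name VPN is hypothetical.

# Internet: the plain next-hop keeps the default static preference (5);
# the qualified next hop gets a worse preference (10), so it is installed
# only when the primary next hop is no longer usable.
set routing-options static route 0.0.0.0/0 next-hop 192.0.2.1
set routing-options static route 0.0.0.0/0 qualified-next-hop 198.51.100.1 preference 10

# One tunnel interface per VPN: st0.0 over the primary ADSL, st0.1 over the backup.
set interfaces st0 unit 0 family inet address 10.255.0.2/30
set interfaces st0 unit 1 family inet address 10.255.1.2/30

# OSPF has to be allowed inbound on the tunnel zone, otherwise no adjacency forms.
set security zones security-zone VPN interfaces st0.0 host-inbound-traffic protocols ospf
set security zones security-zone VPN interfaces st0.1 host-inbound-traffic protocols ospf

# Lower metric wins: routes learned over st0.0 are preferred while that
# adjacency is up; st0.1 carries traffic only after it drops.
set protocols ospf area 0.0.0.0 interface st0.0 interface-type p2p
set protocols ospf area 0.0.0.0 interface st0.0 metric 10
set protocols ospf area 0.0.0.0 interface st0.1 interface-type p2p
set protocols ospf area 0.0.0.0 interface st0.1 metric 100
```

OSPF metrics apply to the outbound direction only, so the hub's two tunnel interfaces toward this site need the same low/high metrics for return traffic to follow the same tunnel.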