SRX

Expand all | Collapse all

How i can configure full mesh VPN with dual ISP

Jump to Best Answer
  • 1.  How i can configure full mesh VPN with dual ISP

    Posted 01-12-2015 04:25

    Hello!

    I have a two SRX210
    both branches have 2 ISP. I wanna 4 GRE tunnels, for obtain full mesh topology.
    #1 BRANCH01_ISP1->BRANCH02_ISP1
    #2 BRANCH01_ISP1->BRANCH02_ISP2
    #3 BRANCH01_ISP2->BRANCH02_ISP1
    #4 BRANCH01_ISP2->BRANCH02_ISP2

    result - tunnel #1 is work, other tunnels not work. I think it's happend because all traffic goes through default route. How i can fix this?



  • 2.  RE: How i can configure full mesh VPN with dual ISP
    Best Answer

     
    Posted 01-13-2015 05:05

    You need to put each ISP into their own routing-instance on the SRX.  These are virtual routers that allow an independent routing table so they all can have their own default route.

     

    You then leak the routes you do need to share between the two routing instances.



  • 3.  RE: How i can configure full mesh VPN with dual ISP

    Posted 01-14-2015 06:29

    Hello!

     

    Thanks for your reply. I will try do this.



  • 4.  RE: How i can configure full mesh VPN with dual ISP

    Posted 01-16-2015 02:19

    it's really work. but need full reconfiguring dst and src NAT, secure zones and policies. not easy way 🙂