Customer has two sites - each site has two circuits, one internet and one MPLS. An IPSec VPN connects the two sites. Traffic is routing fine between sites over the VPN.
Site - A 192.168.1.0
Site - B 192.168.3.0
The MPLS circuit is new and the customer wants the MPLS circuit to be the primary route between sites and the VPN as backup.
Each SSG has a bridge group - the bridge group is the LAN gateway.
192.168.3.1
192.168.1.1
Here is the issue - the bridge group has ports that connect to the LAN switch and MPLS router on each firewall. As soon as I add a route with a more desirable preference to force traffic over the MPLS circuit, traffic starts dropping. The route that sends this traffic over the IPSec VPN goes inactive, which is normal and expected. Here are the new static routes:
IP/Netmask        Gateway        Interface
192.168.1.0/24    192.168.3.3    bgroup0
192.168.3.0/34    192.168.1.20   bgroup0
The gateways are the MPLS routers.
When I run debugs, they say no route found and try to send traffic out the VPN tunnel interfaces. Does this make sense? I think the problem is the fact that I am connecting the LAN and MPLS router to a bridge group, which nullifies routing.