Hi All... i have been trying to create two active IPSec tunnels via two ISPs to another SRX with a single ISP connection, is this even possible?
public ip x.x.x.x st0.0------ISPA-------- st0.0
SRXA ISPZ public ip z.z.z.z ---- SRXB
public ip y.y.y.y st0.1-------ISPB------ st0.1
the problem i have is with traffic routing out of SRXA it has to build two seperate IPSec tunnels to a single desination IP address.. It is obviously prefering a single egress interface via ISPA to build the IPSec tunnel to SRXB.... but is there a way to force traffic out via the other ISPB to build the second IPSec tunnel??
was thinking around source based routing etc.. but it would be for traffic sourced from the SRX itself and as we are using the same destination address it won't work..