[j-nsp] Automatic failover of IPSEC tunnels on SRX3600

Fahad Khan fahad.khan at gmail.com
Sun Sep 19 05:56:07 EDT 2010


Hi Folks,

An SRX3600 in chassis cluster is running on the core side and has 200 branches
(with SSG140) connected to it over IPSEC tunnels. Every branch has two links
with different ISPs (primary and secondary), and the whole cloud (of ISPs) is
on MPLS. Every branch is connected to the core with primary and backup VPNs, and
so the primary and backup VPNs are configured on the core SRX3600 with the primary and
backup ISPs.

On the core side, let's say I have two interfaces on the SRX3600:

first is reth3.1 for ISP1
second is reth3.2 for ISP2

st0.1 is bound to reth3.1 for the primary IPSEC tunnel
st0.2 is bound to reth3.2 for the secondary IPSEC tunnel

After upgrading to Junos 10.2R2.11, the issue that I am seeing is that when the
primary link on a branch goes down, the st0.1 interface remains up on the core
SRX3600. That is why the primary route (with lower preference) never gets flushed, and
hence traffic does not take the secondary VPN.

Can anybody help me ASAP to get this automatic failover working?

Thanks in advance,

Regards,


Muhammad Fahad Khan
JNCIP - M/T # 834
IT Specialist
Global Technology Services, IBM
fahad at pk.ibm.com
+92-301-8247638
Skype: fahad-ibm
http://pk.linkedin.com/in/muhammadfahadkhan
