![]() So in the end I would like to have redundancy so that all 4 combinations should work. In the image above, you can see in red where the site2site vpn goes today. ip 5.5.5.5 is quite a bit slower, but is more robust to faults between the two networks. but it is limited to one provider, so the chance that it goes down is quite high. ![]() So, the ip 6.6.6.6 gives us very fast speeds between the offices, as the route goes to the shortes path. Vlan.12 ip address 2) 5.5.5.5/29 (another ip we also want to use). Vlan.12 ip address 1) 6.6.6.6/29 (the one we use today) Today the site2site vpn St0 (used ip range 192.168.21.0/30 on the vpn), uses only isp1, but I would like to have isp2 as a backup.Ģ) Site B actually only has one ISP, but they have given us 2 different IP addresses, one of the addresses uses a special routing to their upstream provider (but only that network!), wheras the other IP address uses BGP and will use whatever routing upstream work. I have some clarifications, and also some new information (to futher complicate things).ġ) SITE A has only one SRX, with each ISP on a separate port. PS: site A has its own AS and ip series, and used BGP to route traffic to/from the two ISPs Is is perhaps better to setup a 2nd VPN tunnel to the ISP2 IP address? if so, how can I automatically start the 2nd VPN if 1st fail? is there a way to Automatically change the VPN tunnel IP address to the IP of the second ISP (ISP2) in the event that ISP1 should go down? or is that a stupid way to do it? but if ISP1 line should go down our VPN also goes down. On one side (Site A), we have two ISPs (BGP), and currently the VPN is setup to the IP address of one of our ISP (ISP1). We have two separate networks with SRXes on both sides (router, firewall, and site2sitevpn).
0 Comments
Leave a Reply. |