Hi,
I have two srx devices which are connected through a route-based vpn. Our srx1400 network has a Windows server and the client's network is behind a srx210. The clients workstations on the srx210 network connect to the server on the srx1400 through a route-based vpn between the two srx devices. The clients are experiencing random disconnects and slow downs with their connection to the server from their workstations. We have troubleshooted and we're unable to find the reason why they are experiencing these issues on the route-based vpn. I was thinking of creating second vpn connection as a backup connection and need some help with setting up srx devices so that when there's a disconnect or slowdown, the traffic will be instantly redirected over to the second vpn connection so they don't experience any down time.
I am not sure how to have the traffic redirected to the new vpn connection when they experience issues and would like some help with that please.
So I was thinking of using static route preferences and qualified next hops:
10.1.8.0/24 is the client's network. 10.2.2.22/32 is the windows server. St0.0 is the original tunnel and St0.1 will be the new backup tunnel.
SRX1400
set routing-options static route 10.1.8.0/24 next-hop st0.0
set routing-options static route 10.1.8.0/24 qualified-next-hop st0.1 preference 25
SRX210
set routing-options static route 10.2.2.22/32 next-hop st0.0 (primary vpn tunnel)
set routing-options static route 10.2.2.22/32 qualified-next-hop st0.1 preference 25
Please let me know if this is the correct or best way to do this, thanks!