Thanks for the quick response. I added this:
set vr trust-vr
set protocol rip
set redistribute route-map "InternalRoutes" protocol connected
and now am getting a bit closer. I see the remote subnets now in the database, but I'm seeing the following from the 2 units:
site A:
fw1-> get route ip 192.168.14.0
Dest for 192.168.14.0
--------------------------------------------------------------------------------------
trust-vr : => 192.168.14.0/24 (id=21) via 0.0.0.0 (vr: trust-vr)
Interface tunnel.4 , metric 1
site B:
fw2-> get route ip 192.168.1.0
Dest for 192.168.1.0
--------------------------------------------------------------------------------------
trust-vr : => 192.168.1.0/24 (id=295) via 172.20.0.1 (vr: trust-vr)
Interface ethernet0/3 , metric 11
potential routes in other vrouters:
trust2-vr : => 0.0.0.0/0 (id=190) via 172.16.0.20 (vr: trust2-vr)
Interface ethernet0/4 , metric 4
So site 2 looks to have both routes, over the point to point and the route that it is learning via ospf in trust2-vr. Site 1 has the incorrect route in the routing table. The topology is Site 1 (FW1) has a vpn to HQ and HQ and FW2 are both participating in an ospf area. HQ is advertising the Site 1 network to FW2 and allow the traffic from Site 2 to Site 1 over the tunnel. Site 1 has a static route as follows for the network at site 2:
set route 192.168.14.0/24 interface tunnel.2 preference 150
set route 192.168.14.0/24 interface tunnel.4 preference 75
Do I need to remove the static routes?