Re: Disable Interface? (Reposted in right topic)

Thank you for the reply!
I actually tried that this morning...
Tunnel.1 bound to Hub1
Tunnel.2 bound to Hub2

Both VPNs have monitor optimized rekey set.

set route HUB2_WAN_IP/32 interface tunnel.1 preference 20 description "HUB2_NULL_ROUTE"
set route HUB2_WAN_IP/32 interface ethernet0/2 gateway WAN_GATEWAY preference 20 metric 20 description "HUB2_WAN_ROUTE"

I first tried without the metric 20 route at all, but the VPN kept coming up... I think I tracked down the issue though. It looks like traffic was allowed from the Hub1 VPN to the WAN IP of Hub2... so we were building the Hub2 VPN inside the Hub1 VPN.

The problem I'm seeing now though is that:

- If I disable/re-enable the Hub2 tunnel (with the Hub1 tunnel up), the Hub2 tunnel does NOT come back (which is what we want)

- If I disable the Hub1 tunnel, the Hub2 tunnel comes up after a few seconds (which is what we want)

- If I re-enable the Hub1 tunnel, the Hub2 tunnel does NOT go down (which is a problem)

-z
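To make the behaviour in the post easier to reason about, here is an added simulation (not from the post or from ScreenOS) of how the two static routes above are selected as tunnel.1 goes up and down, and why an already-built Hub2 VPN survives the route flipping back. It assumes the tunnel route has the default metric 1, that ScreenOS prefers lower preference and then lower metric (an assumed tie-break), and models the reported fact that an established VPN is not torn down by a route change alone.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    iface: str
    preference: int
    metric: int
    description: str


# The two routes from the post; metric 1 on the tunnel route is an assumed default.
ROUTES = [
    Route("tunnel.1", 20, 1, "HUB2_NULL_ROUTE"),
    Route("ethernet0/2", 20, 20, "HUB2_WAN_ROUTE"),
]


def best_route(routes, iface_up):
    """Active route to HUB2_WAN_IP/32: lowest preference, then lowest metric
    (assumed ScreenOS tie-break), ignoring routes whose interface is down."""
    active = [r for r in routes if iface_up[r.iface]]
    return min(active, key=lambda r: (r.preference, r.metric)) if active else None


def simulate(events):
    """Replay tunnel/VPN events; return (event, chosen route, hub2 VPN up) per step.
    Model: the Hub2 VPN can only be built while HUB2_WAN_IP is reached via
    ethernet0/2, and once built it survives a later route change (as reported)."""
    iface_up = {"tunnel.1": True, "ethernet0/2": True}
    hub2_enabled, hub2_vpn_up = True, False
    trace = []
    for ev in events:
        if ev == "tunnel1_down":
            iface_up["tunnel.1"] = False
        elif ev == "tunnel1_up":
            iface_up["tunnel.1"] = True
        elif ev == "hub2_disable":
            hub2_enabled, hub2_vpn_up = False, False
        elif ev == "hub2_enable":
            hub2_enabled = True
        route = best_route(ROUTES, iface_up)
        # VPN monitor keeps retrying IKE; it only succeeds over the real WAN path.
        if hub2_enabled and not hub2_vpn_up and route and route.iface == "ethernet0/2":
            hub2_vpn_up = True
        trace.append((ev, route.description if route else None, hub2_vpn_up))
    return trace
```

Running `simulate(["start", "hub2_disable", "hub2_enable", "tunnel1_down", "tunnel1_up"])` reproduces the three observations: Hub2 stays down while tunnel.1 is up, comes up once tunnel.1 drops, and stays up after tunnel.1 returns even though the null route is active again.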
