2 ISPS

[Semperfi2004]

I have Two ISP's,
ISP 1 - is currently in production, and we have a site to site VPN with between our HQ office and remote office.

ISP 2 - is a MPLS connection, that is between our HQ office and Remote Office.

We want to pass traffic between both offices using our MPLS connection (ISP 2).

Will I have to create separate Zones for these ISPS?
Or is there a better way to configure this, since the MPLS connection is a direct connection between offices ?

I've tried creating a VPN between sites, that doesn't work. I have created routes between sites. With creating routes, I was able to ping each side, but wasn't able to get past the gateway of the untrusted side on the NS208's of the MPLS connection.

Your help will be greatly appreciated, Thank you

 

[Semperfi2004]

Many of you are more experienced and maybe know a better way, but this is a resolution I found that worked:

I made a few posts on this subject, Two ISP's, one being an MPLS connection.

first post:

http://www.juniperforum.com/index.php?topic=5824.0

Second Post:

http://www.juniperforum.com/index.php?topic=5833.0

To resolve the problem I did 3 things:
1) kept my default route ( 0.0.0.0 --> 1.1.1.1) for ISP1,
and created a policy: E1: Trust -> E6: Untrust on ISP1.
Policy for E6 Untrust: (ISP1) -- Trust (10.100.114.254 / 24) Untrust (ANY)

2) Create a route for E8 Untrust: (ISP2 "MPLS")
192.168.152.0 / 24 --> 192.168.151.1

3) I then created a IPSec VPN, in "aggressive mode" on my MPLS connection (E8) to connect both my HQ site (192.168.0.0 / 22) and Remote Site (10.100.114.0 / 24).

The Key was "aggressive mode", all other times I was using "Main Mode"

then reversed the process at the HQ site.

This seemed to have worked.

thanks