1 Data-Center (has a Layer 3 switch stack)
1 Customer Site (uses a Juniper firewall with Layer 3 "virtual routers")
Each site has 1 VPN tunnel (terminating between firewalls at the respective sites)
Each site has 1 x MPLS router
My client wants to use the VPN tunnel because the circuit terminating the VPN tunnel has much better performance than the MPLS circuit for their applications that require very low latency.
My question is: how do we route traffic destined for the data center via the IPsec VPN tunnel and ensure it arrives back over the IPsec VPN circuit, rather than having the return traffic come back over the MPLS instead?
What would be the simplest/cleanest method, considering the same networks may be reachable from either the IPsec VPN or the MPLS network? (We want to keep both networks so we don't have general traffic clogging up the faster IPsec tunnel.)
I was thinking that the Layer 3 logic at the customer site could point traffic destined for the specific network over the IPsec VPN tunnel with a more specific route. What I need to figure out is how I can make sure traffic returns over the same hops rather than being routed out of the data-center MPLS network. I assume a static route is preferred, but once the customer-sourced traffic hits the data-center subnet over the IPsec VPN tunnel, where the desired servers/services live, where must the logic live in the destination subnet to return it back to the firewall?
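Added example (editor's illustration, not part of the original post and not vendor configuration): a small longest-prefix-match simulation of the two independent routing decisions involved. All prefixes, addresses and the "ipsec"/"mpls" next-hop labels are constructed assumptions. It shows that the return path is decided solely by the data-center side's forwarding table, that a more-specific route for the customer subnet pointing back at the data-center firewall makes the application flow symmetric, and the caveat that such a destination-only route also drags every other flow from that customer subnet onto the tunnel, whereas a policy-based rule at the server VLAN's gateway, keyed on both source (server subnet) and destination (customer subnet), keeps general traffic on MPLS.

```python
import ipaddress

# Constructed sample tables (assumptions for this example, not from the post).
# Next-hop labels: "ipsec" = the tunnel between the two site firewalls,
#                  "mpls"  = the MPLS router at the same site.
CUSTOMER_VR = [
    ("10.0.0.0/8", "mpls"),        # everything in the DC reaches it over MPLS by default
    ("10.50.10.0/24", "ipsec"),    # latency-sensitive app subnet: more specific, via tunnel
]

# Data-center switch stack, as described in the post: one summary back to the site.
DC_ROUTES = [
    ("192.168.0.0/16", "mpls"),
]

# Option A: add a more-specific route for the customer client subnet via the DC firewall.
DC_ROUTES_SPECIFIC = DC_ROUTES + [
    ("192.168.7.0/24", "ipsec"),
]

# Option B: policy-based rule on the app VLAN's gateway: (src prefix, dst prefix, next hop).
DC_PBR = [
    ("10.50.10.0/24", "192.168.0.0/16", "ipsec"),
]


def lookup(table, addr):
    """Destination-based longest-prefix match: the most specific matching route wins."""
    ip = ipaddress.ip_address(addr)
    best_net, best_nh = None, None
    for prefix, nh in table:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_nh = net, nh
    return best_nh


def dc_next_hop(pbr_rules, routes, src, dst):
    """DC-side forwarding: policy rules (source AND destination) are checked first,
    then ordinary destination-based routing."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for src_pfx, dst_pfx, nh in pbr_rules:
        if s in ipaddress.ip_network(src_pfx) and d in ipaddress.ip_network(dst_pfx):
            return nh
    return lookup(routes, dst)


def check_path(cust_routes, dc_routes, dc_pbr, client, server):
    """Return (forward circuit, return circuit, symmetric?) for one client->server flow.
    The forward decision is made at the customer site from the server address; the
    return decision is made at the data center from the *client* address (the reply's
    destination), which is why a customer-side route alone cannot steer the reply."""
    fwd = lookup(cust_routes, server)
    ret = dc_next_hop(dc_pbr, dc_routes, src=server, dst=client)
    return fwd, ret, fwd == ret


if __name__ == "__main__":
    client, app, other = "192.168.7.25", "10.50.10.8", "10.60.1.1"
    print("no DC change, app   ", check_path(CUSTOMER_VR, DC_ROUTES, [], client, app))
    print("option A, app       ", check_path(CUSTOMER_VR, DC_ROUTES_SPECIFIC, [], client, app))
    print("option A, other     ", check_path(CUSTOMER_VR, DC_ROUTES_SPECIFIC, [], client, other))
    print("option B, app       ", check_path(CUSTOMER_VR, DC_ROUTES, DC_PBR, client, app))
    print("option B, other     ", check_path(CUSTOMER_VR, DC_ROUTES, DC_PBR, client, other))
```

Symmetry matters beyond performance here: the tunnel terminates on stateful firewalls, so a reply that comes back over MPLS never passes the firewall holding the session state and the flow breaks rather than merely slowing down. Whichever option is chosen, the data-center decision has to live at the first Layer 3 hop the servers use as their gateway (the switch stack's VLAN interface), since that is where the reply's forwarding lookup happens.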