I have a site with a direct-to-internet connection, and I'm trying to emulate an MPLS connection with an IPSec tunnel. I want to pass all traffic from LAN hosts across the tunnel rather than directly to the internet.
I'm pretty sure that if I do this:
set protocols static route 0.0.0.0/0 next-hop <remote IP at other end of VPN tunnel>
I'm going to have a bad time (the ER-X isn't going to know how to get to the remote IP anymore).
I can add another static route (destination of the remote side's public IP) to the ER-X that uses the correct local subnet gateway for this router... but then all other traffic from the router is going to go across the VPN, which I don't necessarily want/need. The point of the setup is that all of the hosts behind the router / on the LAN go across the VPN, but the router's administrative traffic / DNS lookups / DPI definition downloads / etc don't necessarily have to use the VPN.
Any thoughts on how to handle this?
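An added example, not part of the original post, that models the route lookup the post reasons about: a bare 0.0.0.0/0 whose next-hop is the peer's public IP cannot be resolved, a /32 host route for the peer via the real ISP gateway fixes that, and router-originated traffic (a DNS query, say) then still matches the default route. The addresses, the resolver IP and the interface name eth0 are constructed for the example; it models only route selection, not the IPsec encapsulation itself.

```python
import ipaddress as ipa

# Constructed sample addresses (documentation ranges), not the poster's real ones.
WAN_NET = ipa.ip_network("203.0.113.0/24")   # the ER-X's WAN subnet, on eth0
WAN_GW = ipa.ip_address("203.0.113.1")       # the ISP gateway on that subnet
PEER = ipa.ip_address("198.51.100.10")       # remote end of the IPsec tunnel
DEFAULT = ipa.ip_network("0.0.0.0/0")

def lookup(table, dst):
    """Longest-prefix match over [(network, next_hop)]. next_hop is an
    interface name for connected routes or an IP address for gateway routes."""
    dst = ipa.ip_address(dst)
    hits = [(net, nh) for net, nh in table if dst in net]
    return max(hits, key=lambda r: r[0].prefixlen, default=None)

def resolve(table, dst, seen=()):
    """Resolve dst the way a router resolves a recursive next-hop.
    Returns (matched_prefix, egress_interface, on_link_gateway_or_None).
    Raises RecursionError if a route's gateway can only be reached through
    that same route, which is what the post expects from the bare 0.0.0.0/0."""
    hit = lookup(table, dst)
    if hit is None:
        raise LookupError(f"no route to {dst}")
    net, nh = hit
    if isinstance(nh, str):                  # connected route: deliver on the interface
        return net, nh, None
    if net in seen:                          # gateway only reachable via this same route
        raise RecursionError(f"next-hop {nh} of {net} recurses through {net}")
    _, iface, gw = resolve(table, nh, seen + (net,))
    return net, iface, (gw if gw is not None else nh)

# Table 1: the post's first idea, only the default route pointed at the peer.
BROKEN = [(WAN_NET, "eth0"), (DEFAULT, PEER)]
# Table 2: the same, plus the /32 host route for the peer via the real ISP gateway.
HOST_ROUTE = ipa.ip_network(f"{PEER}/32")
FIXED = BROKEN + [(HOST_ROUTE, WAN_GW)]

def default_route_resolves(table):
    """True if an arbitrary internet destination gets a usable egress."""
    try:
        resolve(table, "192.0.2.1")          # constructed internet host
        return True
    except RecursionError:
        return False

if __name__ == "__main__":
    print("bare default usable:", default_route_resolves(BROKEN))   # False
    print("with /32 usable:", default_route_resolves(FIXED))        # True
    # Router-originated DNS traffic (constructed resolver 192.0.2.53) still
    # matches 0.0.0.0/0, i.e. it takes the VPN route too, as the post says.
    print(resolve(FIXED, "192.0.2.53")[0])                          # 0.0.0.0/0
```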