Hello everyone,
Here's my topology:
I have issue with traffic going to wrong IPSec when trying to use backup link. So the blue squares are communicating with eachother through IPSEC on the pink link that is going through ISP (when MPLS is down, they communicate through internet links). They also have IPSEC+GRE tunnel between JA1 and JA2 router for PC4 communication. So I've configured backup link for communication between blue squares (Split, Makarska, Imotski) and yellow circle where PC4 is in case JA1 and JA2 router go down. HSRP is configured between CE-ST, JA1 and JA2, my backup route used to work fine until I configured IPSec+GRE tunnel between JA1 -> Split, Makarska and Imotski, JA2 -> Split, Makarska and Imotski. Now when I try to use backup link (ping from PC in Makarska or Imotski) the traffic towards PC4 its going through IPSEC+GRE to JA1 router (even tho its interface towards ISP is down) and not to CE-ST where backup link is.
Traceroute from CE-MA (Makarska router) towards the PC4 (10.30.7.1) is going through the backup link:
Updated my topology and added config of involved routers(on JA2 i didn't config IPSEC+GRE yet, till I solve this issue). Interface towards the ISP is where the IPSEC tunnel between Split, Makarska and Imotski is configured, on JA1 router I've configured IPSEC+GRE towards Split, Makarska and Imotski also on the interface towards the internet.
