https://live.paloaltonetworks.com/t5/general-topics/how-to-route-internet-traffic-through-a-tunnel-interface/m-p/46097#M33862 <HTML><HEAD></HEAD><BODY><P>Hi...You configured 2 things here: 'set the default route (0.0.0.0) to the tunnel interface, and set the next hop to the gateway for the tunnel interface.'&nbsp; I would recommend testing only one: set the default route 0.0.0.0/0 to the tunnel interface and leave the next hop at &lt;none&gt;.&nbsp; Thanks.</P></BODY></HTML> Mon, 06 Feb 2012 15:59:12 GMT rmonvon 2012-02-06T15:59:12Z https://live.paloaltonetworks.com/t5/general-topics/how-to-route-internet-traffic-through-a-tunnel-interface/m-p/46093#M33858 <HTML><HEAD></HEAD><BODY><P>What's the best way to route all internet traffic (except IPSec VPN tunnels) through a IPSec VPN tunnel interface?</P><P>We want to have a single point where all internet traffic passes through and uses the same policies for web and applications.</P></BODY></HTML> Fri, 03 Feb 2012 11:36:13 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-route-internet-traffic-through-a-tunnel-interface/m-p/46093#M33858 helge 2012-02-03T11:36:13Z https://live.paloaltonetworks.com/t5/general-topics/how-to-route-internet-traffic-through-a-tunnel-interface/m-p/46094#M33859 <HTML><HEAD></HEAD><BODY><P>Hi...You can try defining a default route and set the next-hop to be the tunnel interface.&nbsp; Thanks.</P></BODY></HTML> Fri, 03 Feb 2012 15:03:42 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-route-internet-traffic-through-a-tunnel-interface/m-p/46094#M33859 rmonvon 2012-02-03T15:03:42Z https://live.paloaltonetworks.com/t5/general-topics/how-to-route-internet-traffic-through-a-tunnel-interface/m-p/46095#M33860 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>I've already tried to set the default route (0.0.0.0) to the tunnel interface, and set the next hop to the gateway for the tunnel interface. But it seems like this configuration is not working with the logic/processing flowchart of the firewall.</P><P></P><P>On the remote PA firewall I've added a rule from the VPN zone to Untrust and NAT rule.</P><P></P><P>Another possible solution is to add static routes to the remote IP of the firewall with a next hop to the gateway, and then route default gateway through the tunnel. I haven't had chance to try this out as this is in a production environment. Anyone have a lab setup they could test this? Or even better, anyone else actually routing default gateway through a tunnel interface?</P></BODY></HTML> Mon, 06 Feb 2012 07:32:00 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-route-internet-traffic-through-a-tunnel-interface/m-p/46095#M33860 helge 2012-02-06T07:32:00Z https://live.paloaltonetworks.com/t5/general-topics/how-to-route-internet-traffic-through-a-tunnel-interface/m-p/46096#M33861 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>In your previous mail, you said :</P><P></P><P>Another possible solution is to add static routes to the remote IP of the firewall with a next hop to the gateway, and then route default gateway through the tunnel.</P><P></P><P>Basically, that's the only way to solve your issue !</P><P></P><P>With this config, it should work...</P><P></P><P>Regards,</P><P></P><P>Hedi</P></BODY></HTML> Mon, 06 Feb 2012 07:37:28 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-route-internet-traffic-through-a-tunnel-interface/m-p/46096#M33861 licenselu 2012-02-06T07:37:28Z https://live.paloaltonetworks.com/t5/general-topics/how-to-route-internet-traffic-through-a-tunnel-interface/m-p/46097#M33862 <HTML><HEAD></HEAD><BODY><P>Hi...You configured 2 things here: 'set the default route (0.0.0.0) to the tunnel interface, and set the next hop to the gateway for the tunnel interface.'&nbsp; I would recommend testing only one: set the default route 0.0.0.0/0 to the tunnel interface and leave the next hop at &lt;none&gt;.&nbsp; Thanks.</P></BODY></HTML> Mon, 06 Feb 2012 15:59:12 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-route-internet-traffic-through-a-tunnel-interface/m-p/46097#M33862 rmonvon 2012-02-06T15:59:12Z https://live.paloaltonetworks.com/t5/general-topics/how-to-route-internet-traffic-through-a-tunnel-interface/m-p/46098#M33863 <HTML><HEAD></HEAD><BODY><P>Hi. Not work for PPoE with static address (other in default). Any idea? Thanks.</P></BODY></HTML> Sun, 30 Sep 2012 17:45:54 GMT https://live.paloaltonetworks.com/t5/general-topics/how-to-route-internet-traffic-through-a-tunnel-interface/m-p/46098#M33863 hsnetworks01 2012-09-30T17:45:54Z