All traffic through LSVPN (or LSVPN route metric)

Reply
L5 Sessionator

All traffic through LSVPN (or LSVPN route metric)

I want all satellites to route all traffic through VPN tunnel when it's available. In GP gateway if I leave Access Routes emtpy or if I publish 0.0.0.0/0 to the satellite I get the default route with metric 100 on the atellite. But that means the static default route entered on initial configuration of satellite will still remain the active route in forwarding table. And if we change metric on static default route (to more than 100) I guess the satellite will lose connectivity with GW gateway over outside interface?

 

Anyone played with this scenario of routing all traffic from satellites? I guess I could add 2nd virtual router on satellites but seems overkill just for this.

 

 

 

 

 

 

Tags (2)
L7 Applicator

Re: All traffic through LSVPN (or LSVPN route metric)

Hello,

While i dont use LSVPN, why would it need an initial route? Shouldnt it just get them when you connect?

 

Regards,

L5 Sessionator

Re: All traffic through LSVPN (or LSVPN route metric)

I meant the initital default route for the remote location to get internet access and establish LSVPN connection to the gateway. After that the idea is to route all user traffic including internet traffic through VPN.

Highlighted
L4 Transporter

Re: All traffic through LSVPN (or LSVPN route metric)

@santonic Do you really need static default routes on the firewall? Teh filrewall will only need to know the address of the IPs of the Portal and the Gateways, so maybe you can configure these with static roues.

Another option is to use PBF for forc all client traffic over the tunnel, which keeping your default static route on the firewall. 

L5 Sessionator

Re: All traffic through LSVPN (or LSVPN route metric)

Yeah, only specific static routes (to, GW, Portal, maybe updates...) would work if the customer doesn't want backup default route over internet in case there are issues with VPN.

And yeah, PBF is another way to go. Tho I think i would prefer the solution with 2 VRs.

Thanx for your feedback.

L0 Member

Re: All traffic through LSVPN (or LSVPN route metric)

use 2 VR one pointing to your tunnel and one going to the internet, this works for us perfectly

L5 Sessionator

Re: All traffic through LSVPN (or LSVPN route metric)

Yeah, in the end I went for 2 VR option as well and it works well.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!