This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

All traffic through LSVPN (or LSVPN route metric)

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

All traffic through LSVPN (or LSVPN route metric)

santonic
L6 Presenter

‎09-06-2019 04:24 AM

I want all satellites to route all traffic through VPN tunnel when it's available. In GP gateway if I leave Access Routes emtpy or if I publish 0.0.0.0/0 to the satellite I get the default route with metric 100 on the atellite. But that means the static default route entered on initial configuration of satellite will still remain the active route in forwarding table. And if we change metric on static default route (to more than 100) I guess the satellite will lose connectivity with GW gateway over outside interface?

 

Anyone played with this scenario of routing all traffic from satellites? I guess I could add 2nd virtual router on satellites but seems overkill just for this.

 

 

 

 

 

 

0 Likes Likes
6 REPLIES 6

OtakarKlier
Cyber Elite
Cyber Elite

‎09-06-2019 09:52 AM

Hello,

While i dont use LSVPN, why would it need an initial route? Shouldnt it just get them when you connect?

 

Regards,

0 Likes Likes

santonic
L6 Presenter
In response to OtakarKlier

‎09-09-2019 01:12 AM - edited ‎09-09-2019 01:26 AM

I meant the initital default route for the remote location to get internet access and establish LSVPN connection to the gateway. After that the idea is to route all user traffic including internet traffic through VPN.

0 Likes Likes

BatD
L4 Transporter
In response to OtakarKlier

‎09-09-2019 01:35 AM

@santonic Do you really need static default routes on the firewall? Teh filrewall will only need to know the address of the IPs of the Portal and the Gateways, so maybe you can configure these with static roues.

Another option is to use PBF for forc all client traffic over the tunnel, which keeping your default static route on the firewall. 

santonic
L6 Presenter
In response to BatD

‎09-09-2019 01:45 AM

Yeah, only specific static routes (to, GW, Portal, maybe updates...) would work if the customer doesn't want backup default route over internet in case there are issues with VPN.

And yeah, PBF is another way to go. Tho I think i would prefer the solution with 2 VRs.

Thanx for your feedback.

0 Likes Likes

JonasC
L0 Member

‎09-25-2019 10:47 PM

use 2 VR one pointing to your tunnel and one going to the internet, this works for us perfectly

0 Likes Likes

santonic
L6 Presenter
In response to JonasC

‎09-30-2019 02:46 AM

Yeah, in the end I went for 2 VR option as well and it works well.

0 Likes Likes
  • 7143 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks