All traffic through LSVPN (or LSVPN route metric)

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

All traffic through LSVPN (or LSVPN route metric)

L6 Presenter

I want all satellites to route all traffic through VPN tunnel when it's available. In GP gateway if I leave Access Routes emtpy or if I publish 0.0.0.0/0 to the satellite I get the default route with metric 100 on the atellite. But that means the static default route entered on initial configuration of satellite will still remain the active route in forwarding table. And if we change metric on static default route (to more than 100) I guess the satellite will lose connectivity with GW gateway over outside interface?

 

Anyone played with this scenario of routing all traffic from satellites? I guess I could add 2nd virtual router on satellites but seems overkill just for this.

 

 

 

 

 

 

6 REPLIES 6

Cyber Elite
Cyber Elite

Hello,

While i dont use LSVPN, why would it need an initial route? Shouldnt it just get them when you connect?

 

Regards,

I meant the initital default route for the remote location to get internet access and establish LSVPN connection to the gateway. After that the idea is to route all user traffic including internet traffic through VPN.

@santonic Do you really need static default routes on the firewall? Teh filrewall will only need to know the address of the IPs of the Portal and the Gateways, so maybe you can configure these with static roues.

Another option is to use PBF for forc all client traffic over the tunnel, which keeping your default static route on the firewall. 

Yeah, only specific static routes (to, GW, Portal, maybe updates...) would work if the customer doesn't want backup default route over internet in case there are issues with VPN.

And yeah, PBF is another way to go. Tho I think i would prefer the solution with 2 VRs.

Thanx for your feedback.

L0 Member

use 2 VR one pointing to your tunnel and one going to the internet, this works for us perfectly

Yeah, in the end I went for 2 VR option as well and it works well.

  • 6554 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!