This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

How to route internet traffic through a tunnel interface

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

How to route internet traffic through a tunnel interface

helge
Not applicable

‎02-03-2012 03:36 AM

What's the best way to route all internet traffic (except IPSec VPN tunnels) through a IPSec VPN tunnel interface?

We want to have a single point where all internet traffic passes through and uses the same policies for web and applications.

0 Likes Likes
5 REPLIES 5

rmonvon
L6 Presenter

‎02-03-2012 07:03 AM

Hi...You can try defining a default route and set the next-hop to be the tunnel interface.  Thanks.

0 Likes Likes

helge
Not applicable
In response to rmonvon

‎02-05-2012 11:32 PM

Hi,

I've already tried to set the default route (0.0.0.0) to the tunnel interface, and set the next hop to the gateway for the tunnel interface. But it seems like this configuration is not working with the logic/processing flowchart of the firewall.

On the remote PA firewall I've added a rule from the VPN zone to Untrust and NAT rule.

Another possible solution is to add static routes to the remote IP of the firewall with a next hop to the gateway, and then route default gateway through the tunnel. I haven't had chance to try this out as this is in a production environment. Anyone have a lab setup they could test this? Or even better, anyone else actually routing default gateway through a tunnel interface?

0 Likes Likes

licenselu
L4 Transporter
In response to helge

‎02-05-2012 11:37 PM

Hello,

In your previous mail, you said :

Another possible solution is to add static routes to the remote IP of the firewall with a next hop to the gateway, and then route default gateway through the tunnel.

Basically, that's the only way to solve your issue !

With this config, it should work...

Regards,

Hedi

0 Likes Likes

rmonvon
L6 Presenter
In response to helge

‎02-06-2012 07:59 AM

Hi...You configured 2 things here: 'set the default route (0.0.0.0) to the tunnel interface, and set the next hop to the gateway for the tunnel interface.'  I would recommend testing only one: set the default route 0.0.0.0/0 to the tunnel interface and leave the next hop at <none>.  Thanks.

hsnetworks01
Not applicable
In response to rmonvon

‎09-30-2012 10:45 AM

Hi. Not work for PPoE with static address (other in default). Any idea? Thanks.

0 Likes Likes
  • 4190 Views
  • 5 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks