02-03-2012 03:36 AM
What's the best way to route all internet traffic (except IPSec VPN tunnels) through an IPSec VPN tunnel interface?
We want to have a single point where all internet traffic passes through and uses the same policies for web and applications.
02-05-2012 11:32 PM
Hi,
I've already tried to set the default route (0.0.0.0) to the tunnel interface, and set the next hop to the gateway for the tunnel interface. But it seems like this configuration is not working with the logic/processing flowchart of the firewall.
On the remote PA firewall I've added a rule from the VPN zone to Untrust and a NAT rule.
Another possible solution is to add static routes to the remote IP of the firewall with a next hop to the gateway, and then route default gateway through the tunnel. I haven't had a chance to try this out as this is in a production environment. Anyone have a lab setup they could test this? Or even better, anyone else actually routing default gateway through a tunnel interface?
02-05-2012 11:37 PM
Hello,
In your previous mail, you said:
"Another possible solution is to add static routes to the remote IP of the firewall with a next hop to the gateway, and then route default gateway through the tunnel."
Basically, that's the only way to solve your issue!
With this config, it should work...
Regards,
Hedi
02-06-2012 07:59 AM
Hi...You configured 2 things here: 'set the default route (0.0.0.0) to the tunnel interface, and set the next hop to the gateway for the tunnel interface.' I would recommend testing only one: set the default route 0.0.0.0/0 to the tunnel interface and leave the next hop at <none>. Thanks.
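Why the static route to the remote firewall's IP matters once the default route points into the tunnel, as an added example (not code from the thread or from Palo Alto Networks). It is a simplified longest-prefix-match model, not PAN-OS behaviour; the addresses are constructed and the interface names `tunnel.1` and `ethernet1/1` are assumptions.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match: return (interface, next_hop) for dst, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, iface, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, next_hop)
    return None if best is None else (best[1], best[2])

def tunnel_is_usable(routes, peer_ip, tunnel_if):
    """The encrypted outer packets (IKE/ESP) are addressed to peer_ip.
    If their own route resolves to the tunnel, the tunnel cannot carry traffic."""
    hit = lookup(routes, peer_ip)
    return hit is not None and hit[0] != tunnel_if

# Constructed sample values (documentation address ranges), not from the thread.
PEER = "203.0.113.10"      # public IP of the remote firewall (assumed)
ISP_GW = "198.51.100.1"    # local ISP gateway (assumed)
TUNNEL = "tunnel.1"        # assumed tunnel interface name
WAN = "ethernet1/1"        # assumed internet-facing interface name

# Attempt 1: only a default route into the tunnel, next hop left empty.
default_only = [
    ("198.51.100.0/24", WAN, None),   # connected WAN subnet
    ("0.0.0.0/0", TUNNEL, None),      # default route via the tunnel
]

# Attempt 2: the same default plus a host route to the peer via the ISP gateway.
with_peer_route = default_only + [
    ("203.0.113.10/32", WAN, ISP_GW),
]

if __name__ == "__main__":
    for name, table in (("default only", default_only),
                        ("with peer /32", with_peer_route)):
        print(name, "| peer ->", lookup(table, PEER),
              "| internet ->", lookup(table, "192.0.2.80"),
              "| tunnel usable:", tunnel_is_usable(table, PEER, TUNNEL))
```

With only the default route, the lookup for the peer's own address lands on the tunnel interface; the /32 route wins on prefix length and sends the outer packets out the internet-facing interface while everything else still follows the default into the tunnel.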
09-30-2012 10:45 AM
Hi. This does not work for PPPoE with a static address (other in default). Any idea? Thanks.