We have a PA500. It is connected to two ISPs. The requirement of moving specific traffic from the LAN to one ISP, and the other traffic from the LAN to the second one, is easy using policy based forwarding. But I have a problem with two separate SSL-VPN portal connections. As there are two ISPs, I configured two default routes (0.0.0.0/0), to one ISP with a lower metric, and to the second with a higher one. I configured two loopback interfaces, on which the SSL-VPNs are accessible from the WAN. (Those two loopbacks have private addresses, and are destination NATed to public ones.) The loopbacks are in the VPN zone, while their NATed addresses are: one in the ISP1 zone, the second in the ISP2 zone. Additionally, I configured policy based routing so that if the source zone is VPN and the source address is loopback1, the default routing is the address of ISP1, and a second rule so that if the source zone is VPN and the source address is loopback2, the default routing is to ISP2.
But unfortunately, traffic from both SSL-VPN portals is pushed to the default gateway of higher priority (ISP1). So if there is a problem with the link to ISP1 (one that does not cause the interface of the PA500 to go down), it is not possible to set up an SSL-VPN connection through either of the two portals (as the second portal, tied to ISP2, tries to answer through ISP1's gateway). Only disconnecting the cable from the PA500 causes the system to work properly (if both ISPs are accessible, there is a connection to both SSL-VPN portals).
Does it mean that loopback interfaces cannot work with policy based forwarding, and only work with standard destination routes defined in the router?