09-19-2013 01:50 PM
Hi there,
Here is our scenario that I am trying to figure out.
We have two sites (main office and a rack in a data center) that are connected via PAN-2020s on both sides through an IPsec tunnel. I am trying to route Client VPN traffic that connects at our main office to go over the site-to-site tunnel to access some web servers there. It seems the traffic goes over the tunnel, but all is marked as incomplete. Below is my config. Is it a route metric issue or a routing issue in the Client VPN traffic config? Our VPN clients are obtaining DNS from internal domain controllers. Our web servers are defined with internal zones on those domain controllers, which is why I am having this issue. Any help would be appreciated. I can provide additional details as needed.
Main Office:
Zones:
Trust Zone - (192.168.x.x/16)
SSL-VPN Zone - (172.x.x.x/24) - no split brained routing (0.0.0.0/0)
Site-to-Site Tunnel
Routes:
Default Route: 0.0.0.0/0 - metric 10
Trust Zone - metric 5
SSL-VPN Zone - next hop 0.0.0.0 - metric 8
All traffic over tunnel to remote zones - metric 5
Security Policies:
Trust Zone & SSL-VPN zone to Tunnel - allow all traffic
Data Center Rack:
Zones:
Trust Zone - (10.20.x.x/16)
Untrust Zone - (10.30.x.x/16) - where web servers are
Site-to-Site Tunnel
Routes:
Default Route: 0.0.0.0/0 - metric 10
Trust Zone - metric 1
Untrust Zone - metric 1
All traffic over tunnel to remote zones - metric 1
Security Policies:
Trust Zone & Untrust Zone to Tunnel - allow all traffic