
Client VPN traffic and routing over IPsec Tunnel

L3 Networker

Hi there,

Here is our scenario that I am trying to figure out.

We have two sites (main office and a rack in a data center) that are connected via PAN-2020's on both sides through an IPsec Tunnel. I am trying to route Client VPN traffic that connects at our main office to go over the site-to-site tunnel to access some web servers there. It seems the traffic goes over the tunnel, but all is marked as incomplete. Below is my config. Is it a route metric issue or a routing issue in the Client VPN traffic config? Our VPN clients are obtaining DNS from internal domain controllers. Our web servers are defined with internal zones on those domain controllers, that is why I am having this issue. Any help would be appreciated. Can provide additional details as needed.

Main Office:

Zones:

Trust Zone - (192.168.x.x/16)

SSL-VPN Zone - (172.x.x.x/24) - no split brained routing (0.0.0.0/0)

Site-to-Site Tunnel


Routes:

Default Route: 0.0.0.0/0 - metric 10

Trust Zone - metric 5

SSL-VPN Zone - next hop 0.0.0.0 - metric 8

All traffic over tunnel to remote zones - metric 5

Security Policies:

Trust Zone & SSL-VPN zone to Tunnel - allow all traffic

Data Center Rack:

Zones:

Trust Zone - (10.20.x.x/16)

Untrust Zone - (10.30.x.x/16) - where web servers are

Site-to-Site Tunnel


Routes:

Default Route: 0.0.0.0/0 - metric 10

Trust Zone - metric 1

Untrust Zone - metric 1

All traffic over tunnel to remote zones - metric 1

Security Policies:

Trust Zone & Untrust Zone to Tunnel - allow all traffic
