Hi,
I have some questions as to how XG actually works when it comes to IPsec and routing. On the affected system, routing to remote IPsec VPN networks is not working as it should.
We have an active static route for 192.168.0.0/16 pointing to an internal gateway (to reach all internal subnets). Now, one of our VPN remote networks is 192.168.140.0/24. The VPN tunnel is up and running. The issue is that the packets are not routed via IPsec; they are sent to the gateway configured in the static route.
I had opened a case and was told that this is expected behaviour and that, to get around it, we could do one of the following:
1) We can achieve this configuration by adding some more static routes for the VPN as well, which tell the system that the given IPs will route through the IPsec device, alongside your already added route for 192.168.0.0/16.
2) Use a NATed VPN approach to overcome this problem.
I have never seen such behaviour and I think it is not normal. I think the behaviour of the UTM was quite normal: as soon as VPNs establish, the routes are added to the system routing table and are used for routing decisions.
Additionally, I was told that system route precedence only applies to route-based VPNs.
If that is really the expected behaviour, I'm quite confused...
Any ideas about this?