Routing WAN Traffic through Site 2 Site VPN for one device

David,

inside the tunnel you should transport even 0.0.0.0 only for client server and then create a SNAT on UTM9 in order to use the ISP2 wan address.

As a test, create a static routing on your client server where 0.0.0.0 traffic uses the VPN tunnel and see if it works.

Regards

David,

inside the tunnel you should transport even 0.0.0.0 only for client server and then create a SNAT on UTM9 in order to use the ISP2 wan address.

As a test, create a static routing on your client server where 0.0.0.0 traffic uses the VPN tunnel and see if it works.

Regards

Hi lferrara,

i cant create the 0.0.0.0/0 in the Remote Lan Network segment on my XG; so any will suffice? Or is there any way to get the 0.0.0.0/0 into there?

Have you already tried Routing and Snat on UTM9?

David,

you have to create the static routing on your host.

If you need to transport all networks, use a RED Client/Server between XG and UTM9.

Regards

Sorry but i am really confused right now.....

Do i have to add the 0.0.0.0/0 in my vpn tunnel (remote and local network)?

Will i have to tell the client to use the default gateway for 0.0.0.0/0 to be the IP of my UTM?

Or can i just use  static / policy routing on my XG, since the client will use other networks as well and will not be in the network all the time ( and to be fair it is from another service provider which is only using DHCP on its interface).

You need to do a static routing of the Server Ip to the utm and in the utm a rule that those who request the web do the reverse routing until arriving at your Server.

David,

it is quite a strange configuration and I was thinking how to implement it in the best way. Your goal is to use the ISP2 for both outgoing and incoming traffic or only incoming?

Can you explain better your goal? Thanks

A network diagram will help.

Thanks

Hi lferrara,

thanks for your input.

We only need to have to use the ISP2 IP for outgoing traffic ( we need to have a german IP, the ISP1 is sitting in ireland ) for eg. web applications.

We dont need any NAT or traffic routed back from the ISP2 IP through the tunnel to my clients server ( excluded established connections, which we obviously need).

I hope this clears things up.

Thanks David.

I am not sure if it will work (I am not able to try it) but I would try these steps:

• create a static route on your host (for windows use the command route add; for linux edit the etc/sysconfig/network-scripts/route-eth)
• As static route you have to add 0.0.0.0/0.0.0.0 where the gateway is your remote network UTM9 interface
• You need to apply NAT inside the VPN tunnel: https://community.sophos.com/kb/en-us/123356
• Create a SNAT on UTM9 for natted LAN.

Let us know.

Regards