Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 11 replies
  • Subscribers 2 subscribers
  • Views 6356 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Route Web Traffic over IPSec Tunnel

PabloDiablo
Hi All,
I don't know if it's technical possible but maybe some has tried this setup.
I have an UTM with WebProxy enabled. Also the UTM has a Site-2-Site IPSec connection. Also I have a VM with squid at the end of the IPSec tunnel.

Now I want to route all web traffic from the UTM to the VM at the end of the IPSec tunnel.
I know I can go use Parent Proxy, but I want not all devices uses the VM (with Squid) at the end of the tunnel.

How do I accomplish this? Masquerade Rules, SNAT,Policy Routes? I have no clue...
So any help is welcome,
TIA


This thread was automatically locked due to age.
Parents
  • 0
    why do I have to use the ip "10.21.21.21"? I don't have that network segment...
     
    I want only that web traffic from segment 21.21.21.0/24 is forwarded to 22.22.22.22.

    If you put 21.21.21.0/24 into the VPN, then all traffic from that segment will go through the VPN to 22.22.22.22.  If you want to maintain tracking of separate IPs in the squid, you could use a 1-to-1 source NAT instead of the SNAT above.  In that case, 10.21.21.21.0/24 would be in local networks.

    But, it sounds like you're taking another route to a solution...

    Does the Host definition in the Parent Proxy have IPv6 defined? And is IPv6 activated in 'Intrerfaces & Routing'?

    Cheers - Bob
  • 0 in reply to BAlfson
    thanks for the reply.
    IPv6 is activated on UTM 9 (firewall1) but the internal interface doesn't has a IPv6 address only 21.21.21.1.

    I pm'ed you with more details...
Reply Children
  • 0 in reply to PabloDiablo
    Well, I'm really stuck now [[:(]]

    Nothing seems to work what I want and I thought it was quite easy...

    One of the things that maybe was bothering was that I configured Masquerading.
    So if I set any SNAT rules, Masquearding was overruling it, I guess.

    Now I made a SNAT-rule, internal network->Web Surfing-> ANY, source: WAN (interface)
    But still webtraffic isn't forwarded/routed to the other firewall [[:(]]

    is it even possible?
    I want all traffic from network1 (21.21.21.0/24) routed over de IPSec Tunnel to firewall2 (also UTM9), then from firewall2 goes to internet (if possible through web proxy). Host 22.22.22.22 Squid won't be used.