Hi folks,
I just joined the community as I could not find an answer in the existing posts to a question/a problem I have regarding a VPN tunnel in combination with routing of a public IP subnet. I am used to working with FortiGate and Check Point, but I cannot get my head around the UTM configuration yet.
So here is the deal.
I have set up a tunnel with the following settings:
remote encryption domain: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 200.x.x.x/24
local encryption domain: 10.240.0.0/12
All SAs are established, automatic firewall rules are created with the additional network.
As far as I have understood it, a route is created implicitly in the routing table for every subnet associated with the remote encryption domain (taking a look at the Support > Advanced tab shows that there is one):
200.x.x.x/24 dev eth1 proto ipsec scope link src 10.241.0.1
So, when trying to ping a host on the 200.x.x.x/24 subnet from the firewall 10.241.0.1/24, I get a ping timeout.
I have fiddled around with strict routing, binding the tunnel to the local interface, and an explicit static route for 200.x.x.x/24 > next hop: remote VPN gateway. None of it works.
Could somebody point me in the right direction?
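Added example, not from the thread or from the UTM itself: a small Python check against the posted encryption domains. It tells you which local/remote selector pair a given packet falls into (a ping sourced on the firewall only enters a policy-based tunnel when its source address is in the local domain and its destination in the remote domain) and lists any remote subnet that overlaps the local domain, which is worth knowing when both sides carry RFC 1918 space. The 200.x.x.x/24 network is elided in the post, so the documentation range 203.0.113.0/24 stands in for it (constructed).

```python
import ipaddress
from typing import List, Optional, Tuple

# Encryption domains as posted. 203.0.113.0/24 is a constructed stand-in
# for the elided 200.x.x.x/24 public subnet.
LOCAL_DOMAIN = ["10.240.0.0/12"]
REMOTE_DOMAIN = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "203.0.113.0/24"]


def parse(nets: List[str]) -> List[ipaddress.IPv4Network]:
    """Turn CIDR strings into network objects (strict=True rejects host bits)."""
    return [ipaddress.ip_network(n, strict=True) for n in nets]


def overlapping_domains(local: List[str], remote: List[str]) -> List[Tuple[str, str]]:
    """Return every (local, remote) subnet pair whose address space overlaps.

    An overlap means some addresses are simultaneously 'ours' and 'theirs',
    so traffic between them is ambiguous for the IPsec policy."""
    return [(str(l), str(r))
            for l in parse(local) for r in parse(remote)
            if l.overlaps(r)]


def selector_match(src: str, dst: str,
                   local: List[str], remote: List[str]) -> Optional[Tuple[str, str]]:
    """Return the first (local, remote) selector pair that a packet src->dst
    satisfies, i.e. the SA it would be sent through, or None if no selector
    matches and the packet would leave in the clear via normal routing."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for l in parse(local):
        if s not in l:
            continue
        for r in parse(remote):
            if d in r:
                return (str(l), str(r))
    return None


if __name__ == "__main__":
    # Echo request from the firewall's own address towards the public subnet.
    print(selector_match("10.241.0.1", "203.0.113.10", LOCAL_DOMAIN, REMOTE_DOMAIN))
    # The same check from the peer's point of view for the echo reply.
    print(selector_match("203.0.113.10", "10.241.0.1", REMOTE_DOMAIN, LOCAL_DOMAIN))
    print(overlapping_domains(LOCAL_DOMAIN, REMOTE_DOMAIN))
```

Run the reply-direction check with the peer's own domains too: if the peer's selector for 10.240.0.0/12 is missing or narrower, the request enters the tunnel but the reply never comes back, which looks exactly like a ping timeout.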