This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

default route through tunnel

tsol2001 over 18 years ago

Hello

I have the following situation. I have 2 Sites and 2 Astaro FW's and i want to connect both via a IPSEC Tunnel. No big deal yet.
But my Problem is, that i want to route all traffic from internal network at site A through the tunnel and then enter the Internet at site B.

10.0.0.0/24---ASG110(V7.005)===ASL(6.305)---0.0.0.0/0

If i start the tunnel it seems that the ASG110 is trying to route all traffic through the tunnel and not only the traffic from the internal network(10.0.0.0). The result is, i can't reach the fw from external.

For my understanding strickt routing should prefent this behavior.
The routing table shows this entry before the default route.

0.0.0.0/1 dev ipsec0 proto 42 scope link

Is there a route missing? Shouldn't it be /0?

Has anyone here a suggestion for my problem?

Regards

This thread was automatically locked due to age.

0 HenningE over 18 years ago

I would think that actually pointing the default route for the firewall at the ipsec connection is not what you want. You only want the traffic from the internal network to be routed through the tunnel or else the firewall won't be able to reach the other gateway, as happend to you.

My suggestion: Set up the ipsec connection in a standard manner, giving the real remote subnet in the configuration. Then set up a policy route for all packets coming from the local subnet to the gateway in the remote network. That could do the trick but I have not tested that.

Regards,
Henning
Cancel
Vote Up 0 Vote Down

Cancel