SSL VPN and policy routing

Hello,

We have a problem with the mix of policy routing and SSL VPN remote access.

We don't use failover or uplink balancing.
In the case we test, the range 10.20.0.0/24 should only access the internet through the router 192.168.20.200. So the policy routing we create is:

Route Type: Gateway route
Source Interface: Lan 2 (10.20.0.254)
Source Network: 10.20.0.0/24
Service: Any
Destination Network: any
Gateway: Router 2 (192.168.20.200)

In the firewall settings, we add this rule

Masquerading: 
Lan2 --> Wan2 (10.20.0.254)

FW rules:

Lan2 --> any --> 0.0.0.0/0 with Wan2 interface


Everything works fine until we try an SSL VPN access from the internet through router 1.

Tcpdump on tun0:

12:42:48.265920 IP 10.242.2.6 > 10.20.0.2: ICMP echo request, id 31531, seq 989, length 64
12:42:49.273975 IP 10.242.2.6 > 10.20.0.2: ICMP echo request, id 31531, seq 990, length 64
12:42:50.281965 IP 10.242.2.6 > 10.20.0.2: ICMP echo request, id 31531, seq 991, length 64
12:42:51.289946 IP 10.242.2.6 > 10.20.0.2: ICMP echo request, id 31531, seq 992, length 64

Tcpdump on eth3 (10.20.0.254):

12:42:10.970066 IP 10.242.2.6 > 10.20.0.2: ICMP echo request, id 31531, seq 952, length 64
12:42:10.970283 IP 10.20.0.2 > 10.242.2.6: ICMP echo reply, id 31531, seq 952, length 64
..

The default gateway for the client 10.20.0.2 is 10.20.0.254.

Do you have some advice?

Thanks

