Site-to-Site Force Tunnel
All Replies
-
Routing. And firewall/policy rules.
0 -
Hi @KITNIT,
Here’s an example setup for this environment;
In USG60’s configurations you need to add following policy routes;
(Configuration > Network > Routing > Policy Route)1- With the source address of 10.10.10.0/24 will be forwarded to IPSec tunnel with the name of IKEv2
2- Any traffic to 20.20.20.0/24 will be forwarded to IPSec tunnel with the name of IKEv2
3- Any traffic from 20.20.20.0/24 will be forwarded to SYSTEM_DEFAUL_WAN_TRUNK
You will also need to add a Security Policy rule;
(Configuration > Security Policy > Policy Control)
Allow the traffic that comes from IPSec_VPN.
In USG40’s configurations you need to add following policy routes;
(Configuration > Network > Routing > Policy Route)1- With the source address of 20.20.20.0/24 will be forwarded to IPSec tunnel with the name of IKEv2
2- Any traffic to 10.10.10.0/24 will be forwarded to IPSec tunnel with the name of IKEv2
3- Any traffic from 10.10.10.0/24 will be forwarded to SYSTEM_DEFAULT_WAN_TRUNK
You will also need to add a Security Policy rule;
(Configuration > Security Policy > Policy Control)
0
Categories
- 8.5K All Categories
- 1.6K Nebula
- 71 Nebula Ideas
- 57 Nebula Status and Incidents
- 4.5K Security
- 226 Security Ideas
- 983 Switch
- 46 Switch Ideas
- 878 WirelessLAN
- 22 WLAN Ideas
- 5.2K Consumer Product
- 157 Service & License
- 280 News and Release
- 59 Security Advisories
- 13 Education Center
- 580 FAQ
- 263 Nebula FAQ
- 160 Security FAQ
- 76 Switch FAQ
- 74 WirelessLAN FAQ
- 7 Consumer Product FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 69 About Community
- 46 Security Highlight