Traffic between tunnels (and NAT)

valerio_vanni Posts: 113  Ally Member

Let's say we have three sites: A, B, C.

Between A and B: policy-based site-to-site tunnel

Between B and C: policy-based site-to-site tunnel

Then we need a host (a single host) from site A to reach one host or a couple of hosts at site C. Only those.

So the config would be

On A:

-policy route with source host, destination host, next hop=A-B-tunnel

(do I need a "return" rule or is it implicit since destination of return traffic is in Site A LAN and so included in default vpn policy route?)

On B:

-policy route with source host (A), destination host (C), next hop=B-C-tunnel

-policy route with source host (C), destination host (A), next hop=A-B-tunnel

On C: like A but inverted.

Is it ok?

And another question: let's say that I want to NAT the A host, when it goes to site C, with an address from the B LAN, as if it came from that network. This would make things simpler on site C, which would then only need to deal with B.

In which routing policy should I set "SNAT-to"? In the first step (policy route from A to B)?

All Replies

  • PeterUK Posts: 3,457  Guru Member

    Looks correct. I did a test here with HQ1, HQ2 and HQ3:

    VLAN66 192.168.66.3 > HQ1 > Tunnel > HQ2 > route to tunnel > HQ3 VLAN47 192.168.255.40

    HQ1 route incoming VLAN66 destination 192.168.255.32/28 next hop to tunnel

    HQ2 route incoming tunnel destination 192.168.255.32/28 next hop to tunnel

    HQ2 route incoming tunnel destination 192.168.66.0/24 next hop to tunnel

    HQ3 route incoming VLAN47 destination 192.168.66.0/24 next hop to tunnel
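As an added example (not code from the thread or from Zyxel), the policy-route chain discussed above modelled in Python so that the return path and the SNAT placement can be checked: the tunnel names, the B LAN 10.0.2.0/24 and the SNAT address 10.0.2.66 are assumptions; the hosts are the ones from PeterUK's test.

```python
"""Policy routes from the thread, modelled as an added example (not Zyxel code):
ordered tables, first match wins; SNAT keeps per-flow state so the translating
firewall can un-translate the reply. B LAN 10.0.2.0/24, 10.0.2.66 are made up."""
import ipaddress as ipa
from dataclasses import dataclass, field

@dataclass
class Rule:
    src: str; dst: str; next_hop: str; snat_to: str = ""   # next_hop = tunnel name

@dataclass
class Firewall:
    lan: str                                       # local LAN, delivered directly
    rules: list
    nat_state: dict = field(default_factory=dict)  # (snat_ip, peer) -> real src

LINKS = {"A-B": {"A": "B", "B": "A"}, "B-C": {"B": "C", "C": "B"}}  # assumed names

def in_net(ip, net):
    return ipa.ip_address(ip) in ipa.ip_network(net)

def trace(sites, start, src, dst):
    """Forward one packet; return (site where delivered or None, source seen there)."""
    here = start
    for _ in range(6):
        fw = sites[here]
        dst = fw.nat_state.get((dst, src), dst)      # un-NAT a reply we translated
        if in_net(dst, fw.lan):
            return here, src
        rule = next((r for r in fw.rules if in_net(src, r.src) and in_net(dst, r.dst)), None)
        if rule is None:
            return None, src                          # no policy route: default route
        if rule.snat_to:
            fw.nat_state[(rule.snat_to, dst)] = src
            src = rule.snat_to
        here = LINKS[rule.next_hop][here]
    return None, src

def round_trip(snat_at="", b_return_rule=True):
    """A->C request then C's reply; the SNAT rule (if any) sits on site `snat_at`."""
    a, c, nat = "192.168.66.3", "192.168.255.40", "10.0.2.66"  # hosts from PeterUK's test
    sites = {
        "A": Firewall("192.168.66.0/24", [Rule(a, c, "A-B", nat if snat_at == "A" else "")]),
        "B": Firewall("10.0.2.0/24", [Rule(a, c, "B-C", nat if snat_at == "B" else "")]
                      + ([Rule(c, a, "A-B")] if b_return_rule else [])),
        "C": Firewall("192.168.255.32/28", [Rule(c, nat if snat_at else a, "B-C")]),
    }
    fwd_site, fwd_src = trace(sites, "A", a, c)
    back_site = trace(sites, "C", c, fwd_src)[0] if fwd_site == "C" else None
    return fwd_site, fwd_src, back_site
```

Dropping B's C-to-A rule breaks only the reply (A needs no return rule because the reply is delivered into A's own LAN), and placing the SNAT on A's rule sends B a packet with a B-LAN source that B's policy route no longer matches, whereas translating on B's A-to-C rule lets C deal with a B address only while B still un-translates the reply.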
