"VPN Tunnel" missing in "Next Hop" Type for policy route settings
Freshman Member
Hello,
I'm configuring a Flex50H to have a route from SSLVPN to IPSEC.
With older model I could set "VPN Tunnel" as Type for Next Hop option, and i can find this setting on several guide, but in FLEX50H model is missing.
Are there another way to reach the same goal?
Accepted Solution
-
Hi @peppesci,
To achieve policy routing from SSL VPN to IPsec, you need to configure a policy route with a Virtual Tunnel Interface (VTI) as the next hop. Here's how to configure this:
1. Create a Route-Based VPN Tunnel:
- Navigate to the VPN section and create a route-based VPN tunnel.
- Define the VTI for this VPN.
For detailed instructions, please refer to this FAQ.
2. Configure the Policy Route with the VTI as Next Hop:
- Go to
Network > Routing > Policy Route. - Add a new policy route.
- Define the policy name and criteria, including the incoming interface as your SSL VPN zone.
- For the "Next Hop Type," select "Interface."
- Choose the VTI created in step 1 as the outgoing interface.
- Enable Health Check and specify the criteria if needed.
This configuration ensures that traffic matching your policy route criteria, originating from the SSLVPN, is directed through the specified IPSec VPN tunnel (VTI).
Zyxel Tina
0
Zyxel Employee
All Replies
-
Yes this is missing I hope its made to happen on FLEX H models soon
0 -
Not sure if it will work but you might be able to use the incoming as any setup Source and Destination Addresses of the SSLVPN and IPSEC then use next hop auto with SNAT none
Edit try many ways but it can't be done even if you put phase 2 policy for the SSLVPN subnet it don't work the only way is to setup VTI Route-based
0 -
Hi @peppesci,
To achieve policy routing from SSL VPN to IPsec, you need to configure a policy route with a Virtual Tunnel Interface (VTI) as the next hop. Here's how to configure this:
1. Create a Route-Based VPN Tunnel:
- Navigate to the VPN section and create a route-based VPN tunnel.
- Define the VTI for this VPN.
For detailed instructions, please refer to this FAQ.
2. Configure the Policy Route with the VTI as Next Hop:
- Go to
Network > Routing > Policy Route. - Add a new policy route.
- Define the policy name and criteria, including the incoming interface as your SSL VPN zone.
- For the "Next Hop Type," select "Interface."
- Choose the VTI created in step 1 as the outgoing interface.
- Enable Health Check and specify the criteria if needed.
This configuration ensures that traffic matching your policy route criteria, originating from the SSLVPN, is directed through the specified IPSec VPN tunnel (VTI).
Zyxel Tina
0
Guru Member
Categories
- All Categories
- 438 Beta Program
- 2.7K Nebula
- 188 Nebula Ideas
- 121 Nebula Status and Incidents
- 6.2K Security
- 454 USG FLEX H Series
- 303 Security Ideas
- 1.6K Switch
- 81 Switch Ideas
- 1.3K Wireless
- 44 Wireless Ideas
- 6.8K Consumer Product
- 278 Service & License
- 435 News and Release
- 88 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 4.2K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 91 Security Highlight
