"VPN Tunnel" missing in "Next Hop" Type for policy route settings

peppesci Posts: 2  Freshman Member

Hello,

I'm configuring a Flex50H to have a route from SSLVPN to IPSEC.

With older models I could set "VPN Tunnel" as the Type for the Next Hop option, and I can find this setting in several guides, but in the FLEX50H model it is missing.

Is there another way to reach the same goal?

All Replies

  • PeterUK
    PeterUK Posts: 3,915  Guru Member

    Yes, this is missing. I hope it's made to happen on FLEX H models soon.

  • PeterUK
    PeterUK Posts: 3,915  Guru Member
    edited August 4

    Not sure if it will work, but you might be able to use the incoming as any, set up Source and Destination Addresses of the SSLVPN and IPSEC, then use next hop auto with SNAT none.

    Edit: tried many ways but it can't be done; even if you put a phase 2 policy for the SSLVPN subnet it doesn't work. The only way is to set up VTI Route-based.

  • Zyxel_Tina
    Zyxel_Tina Posts: 109  Zyxel Employee

    Hi @peppesci,

    To achieve policy routing from SSL VPN to IPsec, you need to configure a policy route with a Virtual Tunnel Interface (VTI) as the next hop. Here's how to configure this:

    1. Create a Route-Based VPN Tunnel:

    • Navigate to the VPN section and create a route-based VPN tunnel.
    • Define the VTI for this VPN.

    For detailed instructions, please refer to this FAQ.

    2. Configure the Policy Route with the VTI as Next Hop:

    • Go to Network > Routing > Policy Route.
    • Add a new policy route.
    • Define the policy name and criteria, including the incoming interface as your SSL VPN zone.
    • For the "Next Hop Type," select "Interface."
    • Choose the VTI created in step 1 as the outgoing interface.
    • Enable Health Check and specify the criteria if needed.

    This configuration ensures that traffic matching your policy route criteria, originating from the SSLVPN, is directed through the specified IPSec VPN tunnel (VTI).

    Zyxel Tina