"VPN Tunnel" missing in "Next Hop" Type for policy route settings

peppesci

Hello,

I'm configuring a Flex50H to have a route from SSLVPN to IPSEC.

With older model I could set "VPN Tunnel" as Type for Next Hop option, and i can find this setting on several guide, but in FLEX50H model is missing.

Are there another way to reach the same goal?

PeterUK

Yes this is missing I hope its made to happen on FLEX H models soon

PeterUK

Not sure if it will work but you might be able to use the incoming as any setup Source and Destination Addresses of the SSLVPN and IPSEC then use next hop auto with SNAT none

Edit try many ways but it can't be done even if you put phase 2 policy for the SSLVPN subnet it don't work the only way is to setup VTI Route-based

Zyxel_Tina

Hi @peppesci,

To achieve policy routing from SSL VPN to IPsec, you need to configure a policy route with a Virtual Tunnel Interface (VTI) as the next hop. Here's how to configure this:

1. Create a Route-Based VPN Tunnel:

• Navigate to the VPN section and create a route-based VPN tunnel.
• Define the VTI for this VPN.

For detailed instructions, please refer to this FAQ.

2. Configure the Policy Route with the VTI as Next Hop:

• Go to Network > Routing > Policy Route.
• Add a new policy route.
• Define the policy name and criteria, including the incoming interface as your SSL VPN zone.
• For the "Next Hop Type," select "Interface."
• Choose the VTI created in step 1 as the outgoing interface.
• Enable Health Check and specify the criteria if needed.

This configuration ensures that traffic matching your policy route criteria, originating from the SSLVPN, is directed through the specified IPSec VPN tunnel (VTI).