gateway remote on vpn site to site

wolfweb
wolfweb Posts: 2  Freshman Member
First Comment
edited April 2021 in Security
Hi, I have a ipsec vpn site to site active from site1 172.21.0.0/24 to site2 172.17.0.0./24 
I need for one computer ip 172.17.0.10/24 on site2 to get internet from gateway 172.21.0.1/24
to exit with router on site1
help me, thanks
sorry for my bad english.
Marco

Comments

  • Cooldy
    Cooldy Posts: 9  Freshman Member
    First Comment

    @Marco

    For this scenario, it need to add policy route on both Site 1 and Site 2, configuration as below,

    Site 1:

    incoming interface = any, src ip =any, dst ip =172.17.0.10/24, service=any, next hop type = VPN tunnel.                                                                                                         <= Routing back to site 2

    incoming interface = VPN tunnel, src ip =172.17.0.10/24, dst ip =any , service=any, next type=Auto, source network address translation = outgoing-interface.    <= Outgoing traffic NAT

     

    Site 2:

    incoming interface = lan, src ip =172.17.0.10/24, dst ip =any, service=any, next hopt (type=vpn tunnel, tunnel name= site to site vpn tunnel you created)             <= Redirect the traffic to Site 1.


    Just let me know if the host cannot access Internet by site1.

  • wolfweb
    wolfweb Posts: 2  Freshman Member
    First Comment
    Hi thanks very much for your information, that work fine.

    Now I have to test if the pc 172.17.0.10 (castellanzaprelievi) manages to follow the routes to the wan1/wan2/opt set according to the destination of the services and ip on site1:



Categories

Security Highlight


Read more

Security Help Center

EnglishTiếng ViệtРусскийไทย中文(台灣)