Policy route to wan via specified wan

alexey Posts: 135  Ally Member
edited April 2021 in Security
We use a USG 1100 with 2 WAN interfaces in a trunk. We added a policy route for IPsec with the other office via VPN gates, and to WAN via the trunk.
Now we need to add special routes for some device via a specified WAN. I added a policy route: for the incoming interface I set the interface with the device, set the device address, and set the next hop to the needed WAN interface. Destination doesn't have a WAN-zone option, so I set any. The device now routes to WAN via the specific WAN, but doesn't see the remote office via IPsec.
How can I set a policy route for the device only to the WAN zone, and to IPsec via the standard routes?


  • Daniel_LU
    Daniel_LU Posts: 16  Freshman Member
    edited June 2018
    If I understood correctly, you want to route or balance IPsec VPN traffic to a specific WAN.

    You must use VTI!


  • Zyxel_Cooldia
    Zyxel_Cooldia Posts: 931  Zyxel Employee
    edited June 2018
    Hi @alexey,
    You have to create another policy route for the site-to-site VPN connection.
    Incoming interface = ge3
    Source             = ge3 local LAN subnet
    Destination        = Remote site LAN subnet
    Next Hop           = Site-to-site VPN connection
    Priority           = This policy route rule's priority must be higher than the other policy routes
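
The ordering problem discussed in this thread, as an added example that is not part of any post and is not Zyxel code: a small model of ordered, first-match policy routing that shows a destination "any" rule capturing VPN-bound traffic, and a check that flags such shadowing. All subnets, rule names and next-hop labels are constructed; only `ge3` comes from the thread.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class PolicyRoute:
    name: str
    incoming: str
    source: str        # CIDR or "any"
    destination: str   # CIDR or "any"
    next_hop: str

def net(cidr):
    """Treat "any" as the whole IPv4 space."""
    return ipaddress.ip_network("0.0.0.0/0" if cidr == "any" else cidr)

def route(rules, incoming, src, dst):
    """Return (rule name, next hop) of the first matching rule, top down."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r.incoming == incoming and s in net(r.source) and d in net(r.destination):
            return r.name, r.next_hop
    return "main-table", "default"  # no policy route matched

def shadowed(rules):
    """List (earlier, later) pairs where the earlier rule takes traffic the
    later rule was meant to steer: same interface, overlapping sources, and
    the later destination fully inside the earlier one."""
    hits = []
    for i, early in enumerate(rules):
        for late in rules[i + 1:]:
            if (early.incoming == late.incoming
                    and early.next_hop != late.next_hop
                    and net(early.source).overlaps(net(late.source))
                    and net(late.destination).subnet_of(net(early.destination))):
                hits.append((early.name, late.name))
    return hits

# Constructed sample rules (addresses are assumptions, not from the thread).
DEVICE_WAN = PolicyRoute("device-to-wan2", "ge3", "192.168.3.50/32", "any", "wan2")
S2S_VPN = PolicyRoute("s2s-vpn", "ge3", "192.168.3.0/24", "10.20.0.0/24", "vpn-tunnel")

BROKEN = [DEVICE_WAN, S2S_VPN]   # "any" rule first: VPN traffic leaves via WAN
FIXED = [S2S_VPN, DEVICE_WAN]    # VPN rule has higher priority

if __name__ == "__main__":
    for label, rules in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, route(rules, "ge3", "192.168.3.50", "10.20.0.10"), shadowed(rules))
```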
