How to prevent traffic to directly connected subnets being sent through IPSec VPN tunnel?
All Replies
-
@PeterUK:
I tried your suggestion a bit differently.
I defined two ranges:
Include_Range_1: 0.0.0.0-192.168.104.255
Include_Range_2: 192.168.110.0-255.255.255.255
Which are everything below 192.168.105.0 and after 192.168.109.255, my local IP subnets.
The Zywall 50H doesn't accept ranges in static routes. But it does in Policy Routes (don't ask me why), so I did this:
And with this everything seems to be working the way I want. It is definitely not clean, but it works.
I'll run some more tests to be sure.
0 -
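An added example, not part of the thread or of Zyxel's documentation: a Python check that derives the include ranges from the local subnets and expands them to CIDR blocks for settings that reject address ranges. It assumes the local networks are the five /24s from 192.168.105.0 to 192.168.109.255 (the thread gives only those boundaries); the function and constant names are hypothetical.

```python
import ipaddress

# Assumption: local subnets are five /24s; the thread states only the boundaries.
LOCAL_SUBNETS = [f"192.168.{n}.0/24" for n in range(105, 110)]
IPV4_MAX = 0xFFFFFFFF


def include_ranges(excluded):
    """Return (first, last) ranges covering all of IPv4 except `excluded`."""
    nets = sorted(ipaddress.collapse_addresses(
        ipaddress.ip_network(n) for n in excluded))
    ranges, cursor = [], 0
    for net in nets:
        start = int(net.network_address)
        if start > cursor:  # gap before this excluded block goes to the tunnel
            ranges.append((ipaddress.IPv4Address(cursor),
                           ipaddress.IPv4Address(start - 1)))
        cursor = int(net.broadcast_address) + 1
    if cursor <= IPV4_MAX:  # remainder after the last excluded block
        ranges.append((ipaddress.IPv4Address(cursor),
                       ipaddress.IPv4Address(IPV4_MAX)))
    return ranges


def as_cidrs(ranges):
    """Expand ranges into the minimal list of CIDR blocks."""
    cidrs = []
    for first, last in ranges:
        cidrs.extend(ipaddress.summarize_address_range(first, last))
    return cidrs


def is_included(addr, ranges):
    """True if traffic to `addr` would match one of the include ranges."""
    a = ipaddress.ip_address(addr)
    return any(first <= a <= last for first, last in ranges)


if __name__ == "__main__":
    ranges = include_ranges(LOCAL_SUBNETS)
    for first, last in ranges:
        print(f"{first}-{last}")
    for net in as_cidrs(ranges):
        print(net)
    # A host on a local subnet must not match the include ranges.
    print(is_included("192.168.107.20", ranges))
```
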
You got what I said a bit wrong; I'm talking about the VPN policy routes, not the routes outside VPN settings.
From what I can tell, you're now using VTI, as zyman2008 said, so that's a workaround if it works for you. So it looks like routing rules are obeyed with VTI, just not with policy-based.
0 -
Hi,
Well, I didn't find "VPN policy routes" on the GUI of the 50H. I only found the "Policy Route" and "Static Route" under Network/Routing.
But it doesn't matter. I managed to do what I wanted, even if I didn't understand why I had to do all this.
I can't believe how much time it took me to achieve such a simple thing. And I find this Zywall's behaviour is often peculiar. I'm pretty disappointed with it, to be honest.
But well, it works.
Thank you everyone for your help, and particularly @PeterUK.
P.S.: This seems to work too, and it's cleaner I think:
"ALL_SUBNETS" is 0.0.0.0/0
0