VTI as default gateway?
-
Simple question: if I use a VTI as default gateway, is the system smart enough to notice that obviously it can't route the tunnel over the tunnel, or is the system designed to just route nets other than the one over which the tunnel is transported?
In short, I don't want to saw off the branch I'm sitting on, so to speak... (hence I ask rather than try it out, I might not get into my remote system anymore if it doesn't work...)
If this does work, there's a follow-up question:
I have a DMZ/Guest-LAN, which with NAT I want to send out the WAN interface
Then I have the LAN, which without NAT I want to send out the VTI interface. Is there an easy way to define default gateways based on the traffic origin, or do I have to essentially double (quadruple actually, due to the inability to use IPv4+IPv6 rules) all my FW rules such that for each passing rule I have a version based on source with policy routing to the appropriate GW?
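A pre-flight check for the recursive-routing worry above, added here as an example and not code from the thread or from pfSense: it runs a longest-prefix lookup of the tunnel peer against a constructed routing table, flags the case where the peer would itself be routed into the VTI, and shows that a pinned host route for the peer via the underlay gateway resolves it. All addresses, interface names and the policy map are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed routing table: (prefix, gateway, interface). The default
# route points into the VTI, which is exactly the setup being asked about.
ROUTES = [
    ("0.0.0.0/0", "10.99.0.2", "ipsec1"),      # VTI as default gateway
    ("203.0.113.0/24", None, "wan"),           # WAN transport net, connected
    ("10.0.0.0/24", None, "lan"),
    ("10.0.1.0/24", None, "dmz"),
]
WAN_GATEWAY = "203.0.113.1"
TUNNEL_IFACE = "ipsec1"
TUNNEL_PEER = "198.51.100.7"  # remote IPsec endpoint (constructed)

# Constructed source-based policy: DMZ out the WAN, LAN out the VTI.
POLICY = [("10.0.1.0/24", "wan"), ("10.0.0.0/24", "ipsec1")]


def lookup(dst, routes):
    """Longest-prefix match; returns (prefix, gateway, iface) or None."""
    addr = ip_address(dst)
    best = None
    for prefix, gw, iface in routes:
        net = ip_network(prefix)
        if addr in net and (best is None or
                            net.prefixlen > ip_network(best[0]).prefixlen):
            best = (prefix, gw, iface)
    return best


def tunnel_is_recursive(routes, peer, tunnel_iface):
    """True when the tunnel's own transport peer would be sent into the tunnel,
    i.e. the outer packets have no usable underlay path."""
    r = lookup(peer, routes)
    return r is None or r[2] == tunnel_iface


def pin_peer_route(routes, peer, wan_gw, wan_iface):
    """Return a table with a /32 host route for the peer via the underlay."""
    return routes + [(f"{peer}/32", wan_gw, wan_iface)]


def policy_egress(src, policy, default_iface):
    """Pick the egress interface by traffic origin (first matching policy)."""
    for prefix, iface in policy:
        if ip_address(src) in ip_network(prefix):
            return iface
    return default_iface
```

With the table as constructed the check reports a recursive route; after pinning the peer via the WAN gateway it no longer does.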
-
@rcfa Hm, would have thought someone would be able to give a simple answer to at least the first question... Anyone?