Netgate Discussion Forum

    Forcing all traffic over IPSec VPN and the ability to do further routing

      sigipa

      Hello All,

      Is it possible to force all traffic over a site-to-site IPSec tunnel and then route the traffic to another gateway through the tunnel endpoint device's internal interface?

      all traffic -> branch device -> IPSec tunnel -> data center device -> internal interface -> other data center device

      Thanks,
      -S

        jimp Rebel Alliance Developer Netgate

        You can't "route" it in the traditional way but depending on what you're trying to do, it may still be possible. It's all up to the Phase 2 networks in IPsec.

        You can force all traffic over the tunnel from the LAN (local P2 net = LAN network, remote P2 net = 0.0.0.0/0) but that means everything from the LAN will be forced over IPsec.

        Once it hits the other side you'll have to pass it in the rules, NAT it outbound, etc.

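The Phase 2 selector behaviour described in the answer above, as an added Python sketch that is not part of either post and is not pfSense code. The addresses are constructed sample values, `tunneled` and `selectors_mirror` are hypothetical helper names, and it assumes the data center side carries the mirror image of the branch Phase 2 entry.

```python
import ipaddress as ip

# Constructed sample addressing (assumption, not from the thread).
BRANCH_LAN = ip.ip_network("192.168.10.0/24")
ANY = ip.ip_network("0.0.0.0/0")

# A Phase 2 entry is a (local net, remote net) selector pair.
BRANCH_P2 = [(BRANCH_LAN, ANY)]      # branch: local = LAN, remote = 0.0.0.0/0
DATACENTER_P2 = [(ANY, BRANCH_LAN)]  # data center: assumed mirror image


def tunneled(p2_entries, src, dst):
    """True if an outbound packet src -> dst matches a Phase 2 selector pair.

    Policy-based IPsec selects traffic by selector match rather than by a
    routing table lookup, so the Phase 2 networks decide what enters the tunnel.
    """
    s, d = ip.ip_address(src), ip.ip_address(dst)
    return any(s in local and d in remote for local, remote in p2_entries)


def selectors_mirror(side_a, side_b):
    """Check that side_b holds side_a's pairs with local and remote swapped."""
    return set(side_a) == {(remote, local) for local, remote in side_b}


def demo():
    rows = [
        # Branch LAN host to the internet and to the data center: both tunneled.
        ("branch", BRANCH_P2, "192.168.10.50", "203.0.113.9"),
        ("branch", BRANCH_P2, "192.168.10.50", "10.20.0.5"),
        # A second branch subnet with no Phase 2 entry is not tunneled.
        ("branch", BRANCH_P2, "192.168.20.7", "203.0.113.9"),
        # At the data center, anything destined to the branch LAN goes back
        # through the tunnel, including replies from internet hosts.
        ("datacenter", DATACENTER_P2, "203.0.113.9", "192.168.10.50"),
        # Data center traffic to other destinations stays outside the tunnel.
        ("datacenter", DATACENTER_P2, "10.20.0.5", "198.51.100.1"),
    ]
    return [(side, src, dst, tunneled(p2, src, dst)) for side, p2, src, dst in rows]


if __name__ == "__main__":
    print("selectors mirror each other:", selectors_mirror(BRANCH_P2, DATACENTER_P2))
    for side, src, dst, hit in demo():
        print(f"{side:10} {src:15} -> {dst:15} {'tunnel' if hit else 'no match'}")
```

Traffic that matches arrives at the far side still carrying its branch LAN source address, which is where the firewall rules and outbound NAT mentioned in the answer apply.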