Forcing all traffic over IPSec VPN and the ability to do further routing

  • Hello All,

    Is it possible to force all traffic over a site-to-site IPsec tunnel and then route the traffic to another gateway through the tunnel endpoint device's internal interface?

    all traffic -> branch device -> IPsec tunnel -> data center device -> internal interface -> other data center device

    Thanks,
    -S


  • Rebel Alliance Developer Netgate

    You can't "route" it in the traditional way but depending on what you're trying to do, it may still be possible. It's all up to the Phase 2 networks in IPsec.

    You can force all traffic over the tunnel from the LAN (local P2 net = LAN network, remote P2 net = 0.0.0.0/0) but that means everything from the LAN will be forced over IPsec.

    Once it hits the other side you'll have to pass it in the rules, NAT it outbound, etc.
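    As an added illustration (not from either poster, and not a pfSense export), the following shows what "local P2 net = LAN, remote P2 net = 0.0.0.0/0" looks like in strongSwan's swanctl.conf syntax, which is the IPsec stack pfSense drives from its GUI, together with the pf rules the far side would need to pass and NAT the arriving traffic. All addresses are RFC 5737 documentation ranges, the connection names, identities and the pre-shared key placeholder are assumptions, and the interface names follow pfSense/FreeBSD conventions (enc0 for IPsec, $wan as a macro). The point it demonstrates is that policy-based IPsec selects traffic by the Phase 2 selectors, not by the routing table: only packets whose source is in the branch LAN are captured, so the branch device's own IKE/ESP traffic to the peer is unaffected, and on the data center side the decrypted packets must still be permitted and source-NATed before they can reach another gateway or the internet.

```conf
# --- Branch side: /usr/local/etc/swanctl/swanctl.conf (assumed paths and names) ---
connections {
    branch-to-dc {
        version      = 2
        local_addrs  = 203.0.113.10      # branch WAN (documentation range)
        remote_addrs = 198.51.100.20     # data center WAN (documentation range)
        proposals    = aes256-sha256-x25519
        local  { auth = psk  id = branch.example }
        remote { auth = psk  id = dc.example }
        children {
            all-traffic {
                # Phase 2 selectors: everything sourced from the branch LAN,
                # whatever its destination, is steered into the tunnel.
                local_ts      = 192.168.1.0/24
                remote_ts     = 0.0.0.0/0
                esp_proposals = aes256gcm16-x25519
                start_action  = start
            }
        }
    }
}
secrets {
    ike-branch-dc {
        id-1   = branch.example
        id-2   = dc.example
        secret = "REPLACE_WITH_LONG_RANDOM_PSK"   # placeholder, not a real key
    }
}

# --- Data center side: mirror image of the selectors ---
connections {
    dc-to-branch {
        version      = 2
        local_addrs  = 198.51.100.20
        remote_addrs = 203.0.113.10
        proposals    = aes256-sha256-x25519
        local  { auth = psk  id = dc.example }
        remote { auth = psk  id = branch.example }
        children {
            all-traffic {
                local_ts      = 0.0.0.0/0
                remote_ts     = 192.168.1.0/24
                esp_proposals = aes256gcm16-x25519
            }
        }
    }
}

# --- Data center side: pf rules (pfSense "IPsec" tab and Outbound NAT equivalent) ---
# Decrypted packets arrive on enc0; they are dropped unless a rule passes them.
pass in quick on enc0 inet from 192.168.1.0/24 to any keep state
# Translate the branch LAN behind the data center WAN so replies come back here.
nat on $wan inet from 192.168.1.0/24 to any -> ($wan)
```

    On pfSense the same two selectors are the "Local Network" and "Remote Network" fields of the Phase 2 entry, the pass rule lives on the IPsec tab, and the NAT line corresponds to a manual Outbound NAT mapping; without the pass rule the far side silently discards the decrypted traffic, and without the NAT mapping the upstream gateway has no return route for 192.168.1.0/24.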