Hi!
I'm trying to make a setup where all my traffic from clients goes through ipsec vpn to our datacenter.
From MD on branch to central firewall (ipsec between md and the firewall).
I've done a next-hop route and an ACL on my VLAN interfaces. I get traffic to my test client.
The problem is the source traffic from the MD itself. Since we use ClearPass as RADIUS / TACACS we want the traffic from our mgmt-vlan to go through the tunnel as well.
But I cannot get this to work.
I've tried manually adding a route:
S 10.10.10.10/32 [0/1] ipsec map central-hub
I've tried "force tunnelmode"; it makes no difference.
ipsecmap:
Crypto Map Template"central-hub" 100
IKE Version: 1
IKEv1 Policy: 20
Security association lifetime seconds: xx
Security association lifetime kilobytes: N/A
PFS (Y/N): Y xxx
Transform sets=xxx
Peer gateway: x.x.x.x
Monitor IP: 0.0.0.0
Interface: VLAN 1
Source network: y.y.y.y/255.255.248.0
Destination network: ANY
Pre-Connect (Y/N): Y
Client NAT mode (Y/N): N
Tunnel Trusted (Y/N): Y
Forced NAT-T (Y/N): N
Uplink Failover (Y/N): N
Force-Tunnel-Mode (Y/N): Y
Uplink LoadBalance (Y/N): N
IP Compression (Y/N): N
Any pointers on how to make this work?