SD-WAN

 View Only
  • 1.  9004 default route via ipsec map?

    Posted Jun 30, 2023 12:50 AM

    Hi there,

    i've a 9004 (MD) connected to a VPNC (9004) and this is connected to an MM/MC.

    The 9004 MD is working fine and i could configure a static route via MM on the MD so that the clients can reach internal company lan.

    However, i also want that the local clients will use our company central firewall when accessing the internet, but i can not configure a 0/0 > ipsec Map route, since the MM complains that them mask 0.0.0.0 isn't correct.

    ip route x.0.0.0 y.0.0.0 ipsec <MAP Name>    WORKS

    ip route 0.0.0.0 0.0.0.0 ipsec <MAP Name>  Not able to configure

    How to achieve, that all client traffic is passing trough the tunnel?

    All devices are on 8.10.0.7, and no aruba central is used.

    Thank You



  • 2.  RE: 9004 default route via ipsec map?

    Posted Nov 04, 2023 06:44 PM
    Edited by TN41 Nov 04, 2023 06:45 PM

    Hi,

    Don't know if you've sorted this out yet, but here is a possible solution.

    You could create a Nexthop with the IPsec map. Then create a PBR where source is client subnet, destination is any, and action is the IPsec nexthop

    Apply the PBR to you client VLAN.

    Tom




  • 3.  RE: 9004 default route via ipsec map?

    Posted Nov 06, 2023 01:14 AM

    Hi Tom,

    thanks for the reply. Yes, i did solve it, but in another way.

    The remote 9004 MD is connecting to 9004 VPNC by IPSec VPN and then to MC. Then on top of this i created L2 GRE Tunnel between the 2 9004 GWs.

    So the initial management of the remote 9004 MD is done via the connection to VPNC and all the VLAN are passed from the remote 9004 MD transparent via the GRE Tunnel to the 9004 VPNC and then pushed to my firewall, where it terminates.

    Marcus