IPSec VPN as outbound Policy


I can’t see that this has been answered, unless someone can point me in the right direction of course.

I have a Balance 30 (6.3.1 build 3138) with an Active/Established IPsec VPN and I want to route, for example, all web traffic via the IPsec VPN. However regardless of the “Algorithm” I choose the Established IPsec VPN doesn’t show as an option to choose from. Am I missing something? Is there another way round this?

Any help would be appreciated.

Thanks in advance.


You can route traffic by using Outbound Policy if you are using PepVPN/SpeedFusion tunnnel.

Are you referring to route HTTP/HTTPS to IPSec tunnel? If so, this is not possible. If you wish to route all traffic to IPSec tunnel, you may configure as below.

1 Like

That’s a real problem for us. Were planning to install 1 of these in each of the customers 30+ sites and each will point back to a 3rd party proxy server.

Is there anyway of excluding certain traffic if we have to route all subnets through the VPN?

Can this be added in a future release?



This can be achieved if HQ and remote sites are using PepVPN/SpeedFusion instead if IPSec tunnel. Please consider using PepVPN/SpeedFusion.

1 Like

Thanks but that’s not possible. As I have said, the “HQ” as you call it is a 3rd party we use as a proxy for web content filtering.

Unfortunately, you can’t achieve what you need in IPSec tunnel. Below is the suggestion:-

Clients —> New Balance router/PBR router (WAN1) —HTTP, HTTPS—> Existing Balance router —IPSec—> Remote IPSec router
--------------------------------------------------(WAN2) —> Internet

Hope this help.

1 Like

Hi @TK_Liew.

Since this topic was created a few years ago I have to ask again…

Is it available in any of the latest firmware an option to enforce specific traffic (HTTP and HTTPS) through an IPSec tunnel in the outbound policy section? (as we can do for pepvpn profiles)



Just curious third party device able to do the same feature ?

1 Like

Hi @sitloongs

At the moment there is no third party device… just the Balance 305 (85 units) balancing the connections.

The objective is to force HTTP and HTTPS traffic through an IPSec tunnel to Forcepoint. Any other traffic should be routed directly to Internet (for example office 365)… In the short-term future, there will be an SpeedFusion tunnel to a central office for the ERP system traffic.

Other third party devices do have this feature.

We attempted the work around, as mentioned earlier in the thread, that was to have the remote networks as with a mask of but this obviously can’t select traffic bassed on service or port, it just sends the lot up the VPN. I should add also, certainly on the Balance 20’s and 30’s, routing all that traffic kills the CPU off and we saw the router report online offline on a regular basis throughout the day, such that this ended up not being a solution in the end unfortunately.

Hi @sitloongs

Is there any option of getting this feature in future firmware releases?

BTW. I forgot to answer you question… Even though we are not replacing a third-party device, as far as I know, other brands make use of an IPSec tunnel in “interface mode”, this way policy routes can be applied.

Thanks and best regards.

Feature filed but no ETA for now.

1 Like

Noted with thanks @sitloongs

Best regards.

My company is also interested in this. We would like to be able to use IPSec VPN as an option in the Outbound Policies.