Odd question, about VLAN and IPSEC VPNs

So I have a specific use case that might make it easier on me

I have multiple WAN IPs from the same carrier bound to a specific WAN port. I have multiple VLANs that currently get out to the internet and each other fine. I would like to use an outbound policy to force traffic from a specific VLAN out a specific IP on the WAN1 port.

Right now the only way I can get it to work is by putting that WAN2 IP on the WAN2 port and then routing the VLAN traffic out that WAN2. I plan on getting a 2nd carrier on a different circuit soon, so I need to free up WAN2.

The VLAN in question is for general web surfing and is attached to a guest network that I do not want to have access to any networks other than the internet and itself. Currently I use an Enforced policy to force VLAN20 out WAN2.

Any ideas of how I can route VLAN 20 out a specific IP of WAN1?

The only way you can get a LAN device to use one of the IP aliases on a WAN port that I can think of is if you use 1:1 NAT. Outbound policy is WAN based - not IP based from a WAN transport perspective.


So this is the answer. The 1:1 NAT to get outbound traffic to go out the specific IP alias. That being said, from a load perspective, it also might be good to push specific traffic out a different WAN like I have currently configured. But overall the 1:1 is what I need.
