Question about adding IPSEC subnet to speedfusion published networks


#1

So I have several speedfusion tunnels from Balance 210s to my Balance 380. I added an IPSEC tunnel from another vendors device today and I cannot get the speedfusion connections to see the route to the IPSEC network. It’s not picking it up via the published remote networks and I am not seeing anywhere I can add that. I can ping from the IPSEC remote endpoint to the speedfusion endpoints but I cannot do the reverse. A Traceroute from the speedfusion endpoint to the IPSEC endpoint shows that traffic attempts to go out via the internet rather than over the tunnel. Any help would be appreciated.


#2

Hello,

SpeedFusion does not redistribute routes for IPSEC profiles. You will need to add an Outbound policy for the IPSEC destination networks over the correct SpeedFusion tunnel.

Thanks,
-Jonan
-Peplink


#3

Thanks for the response Jonan. I’ve actually tried persistent and enforced outbound policies for this remote network and it still does not work. It does seem to force the traffic over the tunnel though.


#4

So I’ve had a semi breakthrough.

The trouble IPSEC network is 192.168.23.0/24
This was located on another firewall endpoint so there was a static route on the peplink to that firewall. I did delete this static route at the very beginning.

I grabbed another firewall and configured an IPSEC tunnel using network 172.16.200.0/24
I configured the same outbound policy etc and this works fine.

The issue is that I do not want to change that remote IPSEC users subnet.

I am stumped to say the least.