Site to Site VPN Behind Firewall


#1

Good day,

Please can you assist with a site-to-site VPN problem we have.

We have a head office / branch office scenario.
At the head office we cannot connect the unit (Balance 310) with a public IP and, as a result, have assigned an internal LAN IP (192.168.0.200/16, gw 192.168.0.201) to the WAN1 port of the unit.
I assigned the LAN side a different, unused IP range of 10.50.0.1/24.

From the branch we can make a successful SpeedFusion VPN connection to the head office.
It gets assigned an IP in the 10.50.0.0/24 range and the traffic is then NATed out.
In order for the traffic to get to the head office, I had to tick the box to send all traffic through the SpeedFusion VPN; however, this is not what I want.
I want the internet breakout to happen locally.

Is there a way to manually adjust the routes to prevent all traffic from being sent through the VPN?
I can't seem to get it to publish 192.168.0.0/16 as being accessible through the VPN.


#2

Hello,

Per the screenshot of your network described above (feel free to correct me if I have missed something), the following should accomplish the goals mentioned above.

  1. Un-tick the “Send All Traffic To” option.
  2. Go to Network > Outbound Policy: this will allow you to control how you would like traffic routed out.
  3. Create the rule below on the branch side: this basically states that all traffic destined for the 192.168.0.0 network goes through the VPN. All other traffic will follow the rest of your outbound policy rules, and internet traffic will go through your local connections.

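To make the effect of the outbound policy concrete, here is an added example (not Peplink's code and not from either poster) that models an ordered, first-match-wins policy table with Python's `ipaddress` module. It contrasts the "send all traffic" state with the two-rule split policy from the reply above and flags the two classic mistakes in such tables: a catch-all rule placed before the VPN rule (which shadows it), and a VPN rule whose destination overlaps the local LAN (which would drag local traffic into the tunnel). The rule names, the `wan1`/`speedfusion` egress labels, the branch LAN range and the sample destination addresses are assumptions for illustration only.

```python
"""Model of an ordered outbound-policy table, first match wins.

Added example, not Peplink firmware code. Rule names, egress labels,
the branch LAN range and the test destinations are assumptions.
"""
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
HEAD_OFFICE_LAN = ip_network("192.168.0.0/16")   # from the original post
BRANCH_LAN = ip_network("10.60.0.0/24")          # assumed branch LAN range

# Each rule is (name, destination network, egress). Constructed tables.

# "Send All Traffic To" ticked behaves like a single catch-all rule.
SEND_ALL_POLICY = [
    ("send-all", ANY, "speedfusion"),
]

# The fix from the reply: one rule for the head-office network, then
# a default rule so everything else breaks out through the local WAN.
SPLIT_POLICY = [
    ("to-head-office", HEAD_OFFICE_LAN, "speedfusion"),
    ("default", ANY, "wan1"),
]

# A common mistake: the catch-all rule sits above the VPN rule.
SHADOWED_POLICY = [
    ("default", ANY, "wan1"),
    ("to-head-office", HEAD_OFFICE_LAN, "speedfusion"),
]


def pick_egress(policy, dst):
    """Return (rule name, egress) for the first rule whose network contains dst."""
    dst = ip_address(dst)
    for name, net, egress in policy:
        if dst in net:
            return name, egress
    raise LookupError(f"no rule matches {dst}")


def check_policy(policy, local_lan):
    """Return human-readable warnings for ordering and overlap mistakes.

    - a rule whose network is fully covered by an earlier rule can never match;
    - a tunnel rule that overlaps the local LAN would pull local traffic into the VPN.
    """
    warnings = []
    earlier = []
    for name, net, egress in policy:
        for prev_name, prev_net, _ in earlier:
            if net.subnet_of(prev_net):
                warnings.append(
                    f"rule {name!r} ({net}) is shadowed by earlier rule "
                    f"{prev_name!r} ({prev_net}) and will never match"
                )
        if egress == "speedfusion" and net != ANY and net.overlaps(local_lan):
            warnings.append(
                f"rule {name!r} ({net}) overlaps the local LAN {local_lan}; "
                f"local traffic would be sent into the tunnel"
            )
        earlier.append((name, net, egress))
    return warnings


if __name__ == "__main__":
    for label, policy in (("send-all", SEND_ALL_POLICY),
                          ("split", SPLIT_POLICY),
                          ("shadowed", SHADOWED_POLICY)):
        print(f"== {label} ==")
        for dst in ("192.168.0.50", "8.8.8.8"):   # constructed destinations
            print(f"  {dst:>14} -> {pick_egress(policy, dst)}")
        for w in check_policy(policy, BRANCH_LAN):
            print(f"  WARNING: {w}")
```

With the split policy a packet to 192.168.0.50 is matched by `to-head-office` and leaves via the tunnel, while 8.8.8.8 falls through to `default` and breaks out locally; with the shadowed table the head-office packet never reaches the tunnel rule, which is exactly the symptom to look for when a VPN rule "does nothing".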

#3

Perfect, that was easy enough :slight_smile:

Thanks for the quick help!