
Routing of RED Network through IPSEC Tunnel

Hello Community

 

I have a little routing problem I don't really understand. The Route should be like that

Please don't ask why or tell me to directly connect the UTMs. That's out of the question in this scenario:

 

For this example let's say (IF = Interface):
RED Network is 192.168.0.0/24 (Gateway 192.168.0.1)
local Network on UTM 1 is 192.168.1.0/24 (Gateway 192.168.1.1 | UTM IF 192.168.1.2)
local Network on UTM 2 is 192.168.2.0/24 (Gateway 192.168.2.1 and it's the UTM IF)

The Route should be
RED Gateway IF on UTM1 -> local IF on UTM 1 -> Gateway of that Network -> UTM 2 local Network (via IPsec Tunnel) 


Or with IPs
192.168.0.1 (RED IF)-> 192.168.1.2 (UTM1 IF)-> 192.168.1.1 (Gateway) -> 192.168.2.1 (UTM2 IF)

 

Problem is: even though I set the Firewall rules on UTM 1 to allow any Port from 192.168.0.0/24 to 192.168.1.0/24 and back, the RED network can't even communicate with the UTM1 IF. So I guess I don't really understand how UTM Routing works. I thought the RED just works as a logical IF of the UTM?



This thread was automatically locked due to age.
  • Hi David Do Van,

    you have two ways to solve this.

    First make a SNAT Rule if your IPSec does not use strict routing.

    Original Source: RED Network
    Service: any or a desired group of services
    Destination: Destination Network
    NAT Source: An IP address of the network already in use by the IPSec tunnel, or the interface address of it.
    NAT Service: leave it blank

    The second way is to add the RED network in the IPSec tunnel.

    In both cases, if the automatic rule is not ticked, you have to create it yourself.

    Best Regards
    DKKDG
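
The two options from the reply above, as an added example that is not part of the original thread or of any Sophos tooling: a simplified model of tunnel selector matching evaluated on the post-NAT source address. The tunnel selector pair (192.168.1.0/24 to 192.168.2.0/24), the sample client and server addresses, and all function names are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Assumed tunnel selectors (not stated in the thread): the IPsec tunnel carries
# only UTM 1's local network to UTM 2's local network.
TUNNEL_SELECTORS = [(ip_network("192.168.1.0/24"), ip_network("192.168.2.0/24"))]

RED_NET = ip_network("192.168.0.0/24")
UTM2_NET = ip_network("192.168.2.0/24")
SNAT_ADDRESS = ip_address("192.168.1.2")  # UTM 1 interface address from the post


def apply_snat(src, dst, rules):
    """Return the post-NAT source; the first rule matching source and destination wins."""
    for orig_src, dest, nat_src in rules:
        if src in orig_src and dst in dest:
            return nat_src
    return src


def enters_tunnel(src, dst, selectors, snat_rules=()):
    """True if the packet, after source NAT, matches a (local, remote) selector pair."""
    src, dst = ip_address(src), ip_address(dst)
    src = apply_snat(src, dst, snat_rules)
    return any(src in local and dst in remote for local, remote in selectors)


def compare_options(src="192.168.0.50", dst="192.168.2.10"):
    """Evaluate a constructed RED client packet under each configuration."""
    snat = [(RED_NET, UTM2_NET, SNAT_ADDRESS)]          # option 1: SNAT rule
    widened = TUNNEL_SELECTORS + [(RED_NET, UTM2_NET)]  # option 2: RED net in tunnel
    return {
        "unchanged": enters_tunnel(src, dst, TUNNEL_SELECTORS),
        "snat_rule": enters_tunnel(src, dst, TUNNEL_SELECTORS, snat),
        "red_in_tunnel": enters_tunnel(src, dst, widened),
    }


if __name__ == "__main__":
    for option, ok in compare_options().items():
        print(f"{option:14} -> {'matches tunnel' if ok else 'no selector match'}")
```

With the SNAT option, the remote side sees every RED host as 192.168.1.2, so firewall rules and logs there can no longer tell RED clients apart; adding the RED network to the tunnel keeps the original source addresses visible.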
