cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
gladeeaytur
New Contributor II

using a VPN as a gateway

Jump to solution

I would like to set up a default gateway to use the VPN remote network for all internet queries.

Labels (3)
0 Kudos
1 Solution

Accepted Solutions
Anonymous
Not applicable

Re: using a VPN as a gateway

Jump to solution

:

This application is often called "Central Traffic Policing VPN."  This is when remote sites are required to send their Internet traffic through a central site before accessing the Internet.  Review the Configuring a VPN Using Main Mode in AOS guide for reference on how to setup a VPN.  However, with this application, the setup is the same as a standard VPN, except the VPN Selectors are different.  The VPN selectors need to reflect the destination as "any" because it is going to be routed to the public Internet, and the true destination address is unknown.  Here is an example configuration of this portion of the VPN (the remote site's LAN subnet is 10.1.1.0 /24):

Central Site Configuration:

ip access-list extended VPN-TO-REMOTE

  permit ip any 10.1.1.0 0.0.0.255

!

ip policy-class Private

  allow list VPN-TO-REMOTE stateless

!

ip policy-class Public

  allow reverse list VPN-TO-REMOTE stateless

Remote Site Configuration:

ip access-list extended VPN-TO-MAIN

  permit ip 10.1.1.0 0.0.0.255 any

!

ip policy-class Private

  allow list VPN-TO-MAIN stateless

!

ip policy-class Public

  allow reverse list VPN-TO-MAIN stateless

I hope that makes sense, but please do not hesitate to reply to this post with any additional questions.  I will be happy to help in any way I can.

Levi

View solution in original post

0 Kudos
5 Replies
Anonymous
Not applicable

Re: using a VPN as a gateway

Jump to solution

:

Thank you for asking this question in the support community.  Is there any additional information you can provide?  From the input you provided I think the setup is as follows:

Site A ---- VPN ---- Site B ---- Internet

You want Site A to send all Internet traffic over the VPN to Site B's Internet connection?  Please, let me know if this is correct, and I will be happy to provide some suggestions for you.

Levi

gladeeaytur
New Contributor II

Re: using a VPN as a gateway

Jump to solution

Yes Levi this is what I would like to accomplish

Anonymous
Not applicable

Re: using a VPN as a gateway

Jump to solution

:

This application is often called "Central Traffic Policing VPN."  This is when remote sites are required to send their Internet traffic through a central site before accessing the Internet.  Review the Configuring a VPN Using Main Mode in AOS guide for reference on how to setup a VPN.  However, with this application, the setup is the same as a standard VPN, except the VPN Selectors are different.  The VPN selectors need to reflect the destination as "any" because it is going to be routed to the public Internet, and the true destination address is unknown.  Here is an example configuration of this portion of the VPN (the remote site's LAN subnet is 10.1.1.0 /24):

Central Site Configuration:

ip access-list extended VPN-TO-REMOTE

  permit ip any 10.1.1.0 0.0.0.255

!

ip policy-class Private

  allow list VPN-TO-REMOTE stateless

!

ip policy-class Public

  allow reverse list VPN-TO-REMOTE stateless

Remote Site Configuration:

ip access-list extended VPN-TO-MAIN

  permit ip 10.1.1.0 0.0.0.255 any

!

ip policy-class Private

  allow list VPN-TO-MAIN stateless

!

ip policy-class Public

  allow reverse list VPN-TO-MAIN stateless

I hope that makes sense, but please do not hesitate to reply to this post with any additional questions.  I will be happy to help in any way I can.

Levi

0 Kudos
Anonymous
Not applicable

Re: using a VPN as a gateway

Jump to solution

:

I went ahead and flagged this post as “Assumed Answered.”  If any of the responses on this thread assisted you, please mark them as either Correct or Helpful answers with the applicable buttons.  This will make them visible and help other members of the community find solutions more easily.  If you still need assistance, I would be more than happy to continue working with you on this - just let me know in a reply.

Levi

Anonymous
Not applicable

Re: using a VPN as a gateway

Jump to solution

I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post and unmark it and select another in its place with the applicable buttons.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

Thanks,

Noor