We don't want to create an explicit route for the set of Office Mode IPs. This is because, it is routed via the default gateway. But there are instances where you should create a route for the set of office mode IPs. Consider the following example.
The firewall is Internal network is 192.168.x.0/24, and there are branch networks (around 20) with 192.168.w.0/24. You assign the office mode IPs to be 192.168.y.0/24. Since there are many networks internal to the router, the easiest way to configure the routing is to have 192.168.0.0/16 pointed to the internal router.
When you do this kind of a routing configuration, the Remote VPN clients won't get any return packets to them. In simple words, they cannot access any resource which they are intended to access, though the VPN tunnel get established. This because the return traffic is routed to the Internal network because of the summary route we have inserted.f To overcome this issue, you have to add a specific route for the Office Mode IPs. The route should be as follows.
192.168.w.0/24 via Default route.
Say the office mode IPs are assigned from 192.168.23.0/24 network, and the external interface is eth2. Then go to sysconfig. Choose 6 for Routing configuration. Select 1 to Add a Network Route.
Network IP: 192.168.23.0
Subnet mask: 255.255.255.0
Gateway:
This will route the traffic via the VPN tunnel.
No comments:
Post a Comment