Options

how to route IPsec MUVPN traffic to multiple external interface

tb7108tb7108
in Firebox - VPN Branch Office

I have a need for MUVPN to access a secondary external interface. The VPN works fine but will not route to both externals. Ive tried to configure this behavior using sd-wan but no luck.

Answers

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @tb7108
    The IKEv1/IPSec VPN doesn't allow this to be set in policy, and will just use global settings.

    I would suggest using one of the other VPN types (SSL, IKEv2, or L2TP) if you need this functionality in the policy for that VPN traffic.

    If you need to do this with the IPSec/IKEv1 VPN, you'll need to set your global setting to use the other interface, and set the other policies in your policy set to override this, per policy.

    -James Carson
    WatchGuard Customer Support

  • Options
    tb7108tb7108

    James "global settings to use other interface" were is this option in the Policy manager? if I go into vpn settings i can enable a policy but in the log files it will not even hit the 2 external.

  • Options
    james.carsonjames.carson Moderator, WatchGuard Representative

    @tb7108 In policy manager the global failover settings are in Network -> Configuration, in the multi-wan tab. You'll need to make the other interface your primary there, and set a SD-WAN action in each policy to override that back to what you had.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.