How to route all traffic over site to site VPN tunnel?
Posted by Hutch on Server Fault
Published on 2010-09-17T16:43:20Z
Indexed on 2012/03/23 17:32 UTC
I have a site to site VPN configured between our main site (Site A) and a remote site (Site B).
Site A is 10.60.0.0/16. Site B is 192.168.99.0/24.
The firewall in Site B is a Juniper SSG running ScreenOS 6.3 and I'm using a route based VPN.
The tunnel works perfectly in that from Site A you can reach 192.168.99.0 via the tunnel, and from Site B you can reach 10.60.0.0 via the tunnel.
However, we want it so that if you're in Site B and want the Internet it goes via the firewall at Site A, and right now on the Juniper 0.0.0.0 has the ISP router as next hop.
My understanding is that on the Juniper, I can set a route for the /32 public IP at our main site that the VPN tunnel connects to to the ISP router via ethernet0/0 (the SSG's external interface), and then modify the 0.0.0.0 route to use our main site firewall via tunnel.1 (the VPN tunnel).
Not sure I've explained that so well but is my understanding correct?
Thanks
© Server Fault or respective owner
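The routing plan described in the question, modelled as an added example that is not part of the original post: a generic longest-prefix-match lookup (a simplified model, not ScreenOS's forwarding code) showing where traffic leaves Site B with and without the /32 host route for the VPN peer. The peer and ISP addresses and the `lan` interface name are constructed placeholders; the post does not give them.

```python
import ipaddress

# Constructed values (documentation ranges); the post does not state them.
PEER_PUBLIC_IP = "203.0.113.10"  # Site A firewall's public IP (assumed)
ISP_ROUTER = "198.51.100.1"      # Site B ISP next hop (assumed)
TUNNEL = "tunnel.1"

def build_table(with_host_route):
    """Site B routing table after pointing 0.0.0.0/0 at the tunnel."""
    table = [
        ("192.168.99.0/24", ("lan", None)),   # connected LAN, hypothetical name
        ("10.60.0.0/16", (TUNNEL, None)),     # Site A via the VPN
        ("0.0.0.0/0", (TUNNEL, None)),        # proposed default via the VPN
    ]
    if with_host_route:
        # /32 for the tunnel endpoint stays on the physical uplink.
        table.append((PEER_PUBLIC_IP + "/32", ("ethernet0/0", ISP_ROUTER)))
    return [(ipaddress.ip_network(net), out) for net, out in table]

def lookup(table, dst):
    """Longest-prefix match: return (interface, gateway) or None."""
    ip = ipaddress.ip_address(dst)
    matches = [(net, out) for net, out in table if ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def egress(table, dst):
    """Physical egress for dst, following one level of tunnel encapsulation."""
    iface, gw = lookup(table, dst)
    if iface != TUNNEL:
        return iface, gw
    # Encapsulated packets are re-addressed to the VPN peer's public IP.
    outer_iface, outer_gw = lookup(table, PEER_PUBLIC_IP)
    if outer_iface == TUNNEL:
        return "LOOP", None  # the tunnel's own packets route back into it
    return outer_iface, outer_gw

if __name__ == "__main__":
    for flag in (False, True):
        t = build_table(flag)
        print("host route:", flag)
        for dst in ("8.8.8.8", "10.60.1.5", PEER_PUBLIC_IP):
            print("  ", dst, "->", lookup(t, dst), "egress", egress(t, dst))
```
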