How to route all traffic over site to site VPN tunnel?

Posted by Hutch on Server Fault See other posts from Server Fault or by Hutch
Published on 2010-09-17T16:43:20Z Indexed on 2012/03/23 17:32 UTC
Read the original article Hit count: 274

Filed under:
|
|

I have a site to site VPN configured between our main site (Site A) and a remote site (Site B).

Site A is 10.60.0.0/16 Site B is 192.168.99.0/24

The firewall in Site B is a Juniper SSG running ScreenOS 6.3 and I'm using a route based VPN.

The tunnel works perfectly in that from Site A you can reach 192.168.99.0 via the tunnel, and from Site B you can reach 10.60.0.0 via the tunnel.

However, we want it so that if you're in Site B and want the Internet it goes via the firewall at Site A, and right now on the Juniper 0.0.0.0 has the ISP router as next hop.

My understanding is that on the Juniper, I can set a route for the /32 public IP at our main site that the VPN tunnel connects to to the ISP router via ethernet0/0 (the SSG's external interface), and then modify the 0.0.0.0 route to use our main site firewall via tunnel.1 (the VPN tunnel).

Not sure I've explained that so well but is my understanding correct?

Thanks

© Server Fault or respective owner

Related posts about vpn

Related posts about firewall