XavierMP
New Member
May 22, 2015
Question

Policy Routing SSL VPN

Hi,

Can I route SSL VPN traffic through a different internet line?

For example, routing only SSL VPN through ISP2. How can I do that?

Thanks

3 replies

gschmitt
New Member
May 23, 2015

Only create a policy to allow traffic from the SSL.root (SSL VPN interface) to wan2 (ISP2)

Check if this already solves your request.

If this doesn't work you may need a policy route.

Go to System > Features and Enable Advanced Routing, click apply

Go to Router > Static > Policy Routes and click Create new

Select Any for the protocol, ssl.root for the incoming interface, your SSL VPN IP range as source and 0.0.0.0/0 as destination

Select Forward traffic, your wan2 (ISP2) interface as the outgoing interface and enter ISP2's gateway

Please tell me if this worked for you

emnoc
New Member
May 24, 2015

Just want to point out on the firewall policy you need to SNAT SSLVPN Pool address behind the egress interface address. And you need to ensure split-tunneling is not engaged. I call this type of sslvpn access a hairpin turn.
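
The policy route from gschmitt's steps and the SNAT and split-tunneling points from emnoc's reply, written as CLI (an added example, not posted by any participant in this thread). Syntax follows the FortiOS 5.x CLI and may differ on other versions; the pool range, gateway address and object names are placeholders.

```text
# Added example. Placeholder values (replace with your own):
#   10.212.134.0/24 = SSL VPN tunnel pool (assumed range)
#   203.0.113.1     = ISP2 gateway (documentation address)
#   "SSLVPN_POOL", "sslvpn-users", "full-access" = assumed object names

# Policy route: traffic arriving on ssl.root from the pool leaves via wan2
config router policy
    edit 1
        set input-device "ssl.root"
        set src 10.212.134.0 255.255.255.0
        set dst 0.0.0.0 0.0.0.0
        set protocol 0
        set output-device "wan2"
        set gateway 203.0.113.1
    next
end

# Firewall policy ssl.root -> wan2, source-NATed to the wan2 address
# so return traffic comes back through ISP2 and not ISP1
config firewall policy
    edit 0
        set srcintf "ssl.root"
        set dstintf "wan2"
        set srcaddr "SSLVPN_POOL"
        set dstaddr "all"
        set groups "sslvpn-users"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end

# Split tunneling off: all client traffic enters the tunnel
config vpn ssl web portal
    edit "full-access"
        set split-tunneling disable
    next
end
```

`diagnose firewall proute list` lists the policy routes the unit has installed, which confirms the ssl.root entry is in place before testing from a client.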

XavierMP (Author)
New Member
May 25, 2015

I haven't tested the VPN client yet.

But this configuration doesn't redirect the VPN web portal, used by users to download the VPN client, through ISP2. It goes through the default gateway (ISP1). Is there any way to redirect the web VPN portal through ISP2 too?

If not, I will need a DNS domain name for the web portal and a DNS domain name for the SSL VPN.

Thanks