marshalisms
New Member
August 20, 2018
Question

Route all traffic on physical port x over IPSEC Tunnel and port 2 straight out WAN


I have a site-to-site VPN established between remote office A and Corp Headquarters. Currently, all traffic from site A goes through the tunnel to corp, including internet traffic.

What I would like to accomplish is this: any traffic going through physical interface 1 goes through the tunnel and all traffic connected to physical interface 2 goes out the WAN and NOT through the tunnel. The end goal of this is that anyone on WiFi would not be able to touch the corp network for security purposes.

Is this possible? I played around with it some but was not able to get it to work.


    Toshi_Esumi
    SuperUser
    August 20, 2018

    You have to isolate/identify the traffic from WiFi first before you can redirect the traffic to either interface 1, interface 2 or any tunnels. If it's already destined to interface 1 or interface 2, it's too late to yank it out and redirect it somewhere else. It's already mixed with other "corporate/enterprise" traffic. And more importantly it wouldn't satisfy security audits/standards like PCI-DSS. We regularly do it at least with VLANs, or VDOMs if the auditor has a stricter standard.

    Once you separate it, you can redirect it wherever you want to let it go.
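The separation the answer describes, written out as an added FortiGate CLI example (not configuration from either poster, and assuming the firewall is a FortiGate, which the thread implies but never states). Interface names "internal2", "wifi_vlan", "to_corp" and "wan1", the VLAN ID, the addresses and the WAN gateway are all placeholders for this illustration.

```fortios
# Assumed layout (hypothetical names): WiFi access points hang off "internal2",
# the existing IPsec phase1 interface is "to_corp", "wan1" is the internet uplink.

# 1. Give WiFi clients their own VLAN sub-interface so they reach the firewall
#    already separated from the wired corporate traffic.
config system interface
    edit "wifi_vlan"
        set vdom "root"
        set interface "internal2"
        set vlanid 20
        set ip 192.168.20.1 255.255.255.0
        set allowaccess ping
    next
end

# 2. Policies match top-down: the explicit, logged deny toward the tunnel sits
#    above the internet-only policy so WiFi can never reach corp.
config firewall policy
    edit 10
        set srcintf "wifi_vlan"
        set dstintf "to_corp"
        set srcaddr "all"
        set dstaddr "all"
        set action deny
        set schedule "always"
        set service "ALL"
        set logtraffic all
    next
    edit 11
        set srcintf "wifi_vlan"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end

# 3. The question says the site's default route currently sends everything into
#    the tunnel, so a policy route steers WiFi out the WAN before that applies.
config router policy
    edit 1
        set input-device "wifi_vlan"
        set output-device "wan1"
        set gateway 203.0.113.1
    next
end
```

Wired corporate clients keep whatever policy already carries them into "to_corp"; only the WiFi VLAN is touched, and the deny log lines are what an auditor would ask to see.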