jamestiberius
Explorer
April 4, 2016
Question

routing ipsec tunnel traffic subnets question

We have a 600C at the main office, network is 192.168.10.0/24. We have a 90D at the remote site, network is 192.168.11.0/24.

The devices are connected via an IPsec tunnel. We have an AS400 server at each site. We have software that sends replication traffic from the AS400 at the main office to the AS400 at the remote site. For DR purposes we need to separate this replication traffic from normal traffic across the IPsec tunnel; it was recommended to do this by subnet. Each server has a secondary network card.

Can we create a new subnet, say 192.168.12.0/24, and give the secondary card on each server an IP address on that subnet, and then route the traffic across the IPsec tunnel?

Or is there a better way?

    1 reply

    ede_pfau
    SuperUser
    April 5, 2016

    Yes, you can do that. I've got no clue why this would enhance your DR chances, though.

    For the second subnet across the tunnel, create a new phase2 for the existing phase1 and fill in the Quick mode selectors (like you did in the first phase2, right?).

    Then, create a new route on each FGT for the new subnet, pointing to the tunnel.

    Finally, add the address object for the new subnet to the existing policies.