Jirka1
Explorer II
January 29, 2021
Question

SSL VPN at Branch with SD-WAN

  • January 29, 2021
  • 1 reply
  • 11178 views

Hello,

I am now solving the following configuration and I would like to ask you for advice:

 

I have two internet connections at the branch: wan1 and wan2. An IPsec tunnel to the HQ is built on each line and both tunnels are members of SD-WAN. So all the traffic goes through the headquarters and it works OK.

Now the customer requires the ability to connect to the branch office directly via SSL VPN and have access to a network other than the production LAN. However, this is not possible because the DR points to the SD-WAN. Of course, the solution is to set up a static route directly to WAN1 / WAN2, but since the client must connect from anywhere (that's what the meaning of VPN is), this solution is not possible.

How to solve this? Connection via HQ is not possible for many reasons (network overlap, security reasons, etc.). Thank you. Jirka
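To make the routing problem in the question concrete, here is an added example (not code from the thread or from any vendor): a small longest-prefix-match model of the branch routing table. The branch LAN 172.17.5.0/24 comes from the discussion; the interface labels "lan", "wan1" and "sdwan", the client addresses (RFC 5737 documentation ranges) and the host-route workaround are assumptions constructed for illustration, and the model ignores policy routes and SD-WAN rules, looking only at the route table the default route lives in.

```python
import ipaddress

# Added example, not from the thread: a longest-prefix-match model of the
# branch firewall's routing decision, showing why SSL VPN reply traffic
# lands in the SD-WAN tunnels. Interface labels and client addresses are
# assumptions; 172.17.5.0/24 is the branch range mentioned in the post.


class RoutingTable:
    """Minimal IPv4 routing table with longest-prefix-match lookup."""

    def __init__(self):
        self.routes = []  # list of (network, egress interface)

    def add(self, prefix, egress):
        self.routes.append((ipaddress.ip_network(prefix), egress))

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        matches = [(net, egress) for net, egress in self.routes if addr in net]
        if not matches:
            return None
        # The most specific prefix wins, as on any router.
        _net, egress = max(matches, key=lambda r: r[0].prefixlen)
        return egress


def branch_table(static_routes=()):
    """Branch routing table as described in the question.

    The default route points at the SD-WAN zone whose members are the two
    IPsec tunnels to HQ, so every destination without a more specific route
    leaves through HQ. Extra (prefix, egress) pairs model the "static route
    directly to WAN1/WAN2" workaround the poster mentions.
    """
    rt = RoutingTable()
    rt.add("172.17.5.0/24", "lan")   # branch production LAN (from the post)
    rt.add("0.0.0.0/0", "sdwan")     # default route -> IPsec tunnels -> HQ
    for prefix, egress in static_routes:
        rt.add(prefix, egress)
    return rt


def reply_path(rt, client_ip, ingress="wan1"):
    """An SSL VPN client reaches the branch public address on `ingress`.

    Returns (egress, symmetric): where the reply leaves, and whether that is
    the interface the connection arrived on. An asymmetric reply is sent into
    the tunnel towards HQ instead of back to the client on the Internet.
    """
    egress = rt.lookup(client_ip)
    return egress, egress == ingress


def classify_clients(rt, client_ips, ingress="wan1"):
    """Map each remote client address to the interface its reply would use."""
    return {ip: reply_path(rt, ip, ingress)[0] for ip in client_ips}


if __name__ == "__main__":
    # Constructed remote-user addresses (RFC 5737 documentation ranges).
    clients = ["203.0.113.10", "198.51.100.7"]
    plain = branch_table()
    print("default route via SD-WAN:", classify_clients(plain, clients))
    # Workaround from the question: a host route for one known client to wan1.
    pinned = branch_table([("203.0.113.10/32", "wan1")])
    print("with /32 static route  :", classify_clients(pinned, clients))
```

Run as-is, the first line shows both clients' replies leaving via "sdwan" (into the HQ tunnels), and the second shows that a /32 static route fixes exactly one client while every other address still follows the default route, which is the "must connect from anywhere" objection in the question.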


    Toshi_Esumi
    SuperUser
    January 29, 2021

    I would say it's not possible unless you split the tunnel at the branch.

    Jirka1 (Author)
    Explorer II
    January 29, 2021

    toshiesumi wrote:

    I would say it's not possible unless you split the tunnel at the branch.

    Thanks Toshi, but... "split a tunnel at a branch"... you mean modify P2 so that the source address is the branch range (e.g. 172.17.5.0/24) and not 0.0.0.0/0? Jirka

    Toshi_Esumi
    SuperUser
    January 29, 2021

    Split tunnel means the branch's Internet doesn't go to HQ. That's why it's impossible with the conditions given.