How to route specific IP to specific protocol on VPN Tunnel

Author
Virusxd512
2020/01/27 00:51:07

Hi,
I need to route a whole subnet to a specific IP address via a VPN tunnel.
As an example, I have a subnet of 10.0.0.1/24 and I want to route all RDP traffic to 192.168.20.21 through the VPN tunnel.
(I already have a stable VPN connection between both ends.)

Thanks!
post edited by Virusxd512 - 2020/01/28 00:56:58
#1

5 Replies

    ShawnZA
    Re: How to route specific IP to specific protocol on VPN Tunnel 2020/01/27 01:13:56
    Is the 10.0.0.0/24 your local subnet?
    And is there an existing VPN tunnel or do you also need to create the VPN tunnel?
    #2
    Virusxd512
    Re: How to route specific IP to specific protocol on VPN Tunnel 2020/01/28 00:56:10
    @ShawnZA Hi,
    I already have a stable VPN connection.
     
    Thanks!
    #3
    ede_pfau
    Re: How to route specific IP to specific protocol on VPN Tunnel 2020/01/28 01:56:56
    If your VPN is a site-to-site VPN (IPsec of course), the tunnel name already is a virtual interface to which you can route.
    Create a new static route (Network>Static Routes), target network=192.168.20.0/24 (or even smaller like 192.168.20.21/32), interface=tunnel_name, gateway=(leave empty).
     
    This particular setup works for IPsec VPNs, you don't have to specify a gateway address.
    Then you need an outbound policy from LAN to tunnel, and of course the same on the other side.
     
    Note that you cannot route just RDP traffic to the tunnel, and other traffic elsewhere. Wouldn't make much sense anyway.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #4
    rwpatterson
    Re: How to route specific IP to specific protocol on VPN Tunnel 2020/01/28 06:43:42
    Could this not be done with a policy route?
     

    -Bob - self proclaimed posting junkie!
    See my Fortigate related scripts at: http://fortigate.camerabob.com

    -4.3.19-b0694
    FWF60B
    FWF80CM (4)
    FWF81CM (2)
     
    #5
    ede_pfau
    Re: How to route specific IP to specific protocol on VPN Tunnel 2020/01/28 14:25:14
    @Bob,
     
    if you can determine the route just by looking at the destination address, use a regular route. If you need other information, like source address or interface, use a Policy Based Route.
    I personally don't like PBRs much although this is better supported in FOS v6 than before (CLI only). For instance, there is no indication in the Routing Monitor that a PBR is in place. Might cost a lot of time until you realize if you haven't set it up yourself.
     
    So, yes, a PBR would do the job as it is a 'super set' of regular routing.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #6
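
The two approaches discussed in this thread, written out as a FortiOS 6.x CLI sketch. This is an added example, not configuration posted by any participant; the LAN interface name "internal", the address object names, the policy name and the use of the predefined "RDP" service object are assumptions, while "tunnel_name" stands for the IPsec tunnel interface as in post #4.

```fortios
# Added example (FortiOS 6.x CLI). Assumed names: "internal" (LAN port),
# LAN_10.0.0.0_24, RDP_HOST. "tunnel_name" is the IPsec tunnel interface.

# 1) Destination-based static route: no gateway on an IPsec interface.
config router static
    edit 0
        set dst 192.168.20.21 255.255.255.255
        set device "tunnel_name"
    next
end

# 2) Address objects referenced by the firewall policy.
config firewall address
    edit "LAN_10.0.0.0_24"
        set subnet 10.0.0.0 255.255.255.0
    next
    edit "RDP_HOST"
        set subnet 192.168.20.21 255.255.255.255
    next
end

# 3) Outbound policy LAN -> tunnel, RDP only. The route decides the path;
#    this policy decides which service is allowed to use it.
config firewall policy
    edit 0
        set name "LAN-to-tunnel-RDP"
        set srcintf "internal"
        set dstintf "tunnel_name"
        set srcaddr "LAN_10.0.0.0_24"
        set dstaddr "RDP_HOST"
        set action accept
        set schedule "always"
        set service "RDP"
    next
end

# 4) Policy-route variant: match source subnet and TCP/3389.
config router policy
    edit 0
        set input-device "internal"
        set src "10.0.0.0/255.255.255.0"
        set dst "192.168.20.21/255.255.255.255"
        set protocol 6
        set start-port 3389
        set end-port 3389
        set output-device "tunnel_name"
    next
end
```

With the static route in steps 1 to 3, all traffic to 192.168.20.21 is routed into the tunnel and the firewall policy limits it to RDP, so other services to that host are dropped rather than sent elsewhere. As post #4 notes, the remote FortiGate needs the corresponding route and policy.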