Virtual private networks / Route ipsec (route based) to ipsec (policy based)
« on: July 11, 2023, 10:43:27 am »
Hi all,
I have a VPN gateway (22.7.6) with two IPsec tunnels:
A---B (route based (VTI), IKEv2, old style)
B---C (policy based, IKEv2)
And I would like to route traffic from A to C:
A---ipsec-route-based---B(BINAT)---ipsec-policy-based---C
Is this generally possible? Can it even work that way?
I successfully did something similar connecting two policy-based tunnels (IPsec, IKEv2), with BINAT and "Manual SPD entries".
Here I have tried to do the same:
A BINAT rule to NAT the source IP address from A to an address which maps to the policies of B---C, and the source IP address of A in the "Manual SPD entries" of the phase 2 settings of B---C.
A---B works, B---C likewise, but
traffic from A to C is visible on the IPsec interface of B for tunnel A---B,
and after that nothing more.
No logging of BINAT, and no routing into the tunnel B---C.
Best regards
eell
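A check worth running on gateway B for the setup described above, as an added example that is not part of the original post: dump the kernel SPD with FreeBSD's `setkey -DP` and confirm that an outbound policy toward C's network exists both for the translated (BINAT) address and for A's original source network, which is what the "Manual SPD entries" field is meant to install. If only the translated address has a policy, packets arriving from the VTI with A's original source will not match the B---C tunnel. All addresses (10.1.0.0/24 for A, 192.0.2.10 as the BINAT address, 10.3.0.0/24 for C, the gateway endpoints) and the sample SPD dump are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the forum post): inspect the SPD on gateway B for
# outbound policies toward C's network. Addresses are assumptions.
# On the gateway, run:  sh spdcheck.sh "$(setkey -DP)"
# Related diagnostics:  pfctl -sn | grep binat   (is the BINAT rule loaded?)
#                       tcpdump -ni enc0          (does anything hit the IPsec path?)

# spd_has_outbound_policy SPD_TEXT SRC_NET DST_NET
# Returns 0 when SPD_TEXT (the format printed by `setkey -DP`) contains an
# "out ipsec" policy for SRC_NET -> DST_NET, 1 otherwise.
spd_has_outbound_policy() {
    printf '%s\n' "$1" | awk -v s="$2[any]" -v d="$3[any]" '
        $1 == s && $2 == d { hdr = 1; next }          # selector line matched
        hdr && $1 == "out" && $2 == "ipsec" { found = 1 }
        { hdr = 0 }
        END { exit found ? 0 : 1 }'
}

# report SPD_TEXT A_NET NAT_ADDR C_NET
# Prints one line per source that must be covered; returns 0 only if both
# the original source (A) and the translated source (BINAT) have a policy.
report() {
    spd=$1; a_net=$2; nat_addr=$3; c_net=$4
    rc=0
    for src in "$a_net" "$nat_addr"; do
        if spd_has_outbound_policy "$spd" "$src" "$c_net"; then
            echo "ok      : out policy $src -> $c_net"
        else
            echo "MISSING : out policy $src -> $c_net"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample of `setkey -DP` output on B: only the translated
# address 192.0.2.10 has policies toward C; A's network 10.1.0.0/24 has none,
# so the manual SPD entry for A is not in effect.
SAMPLE_SPD='192.0.2.10/32[any] 10.3.0.0/24[any] any
    out ipsec
    esp/tunnel/203.0.113.2-198.51.100.3/unique#16385
    spid=3 seq=1 pid=1234
    refcnt=1
10.3.0.0/24[any] 192.0.2.10/32[any] any
    in ipsec
    esp/tunnel/198.51.100.3-203.0.113.2/unique#16386
    spid=4 seq=0 pid=1234
    refcnt=1'

# Use the real SPD when one is passed on the command line, else the sample.
SPD_INPUT=${1:-$SAMPLE_SPD}
report "$SPD_INPUT" 10.1.0.0/24 192.0.2.10/32 10.3.0.0/24
```

With the constructed sample the script reports the translated address as covered and A's network as missing, which is the condition to look for when traffic is seen on the VTI but never enters the B---C tunnel.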