Route ipsec (route based) to ipsec (policy based)

Started by eell, July 11, 2023, 10:43:27 AM

Hi all,

I have a VPN gateway (22.7.6) with two IPsec tunnels.

A---B (route based (VTI), IKEv2, old style)
B---C (policy based, IKEv2)

And I would like to route traffic from A to C:

A---ipsec-route-based---B(BINAT)---ipsec-policy-based---C

Is this generally possible? Can it even work that way?

I successfully did something similar in connecting two policy-based tunnels (IPsec, IKEv2), with BINAT and "Manual SPD entries".

Here I have tried to do the same.
A BINAT rule to NAT the source IP address from A to an address which maps the policies of B---C, and the source IP address of A in "Manual SPD entries" of the phase-2 settings of B---C.

A---B works, B---C likewise, but traffic from A---C is visible on the IPsec interface of B for tunnel A---B, and after that nothing more.
No logging of BINAT, and no routing into the tunnel B---C.

Best regards
eell