D-Link Forums

The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: Brasse on February 03, 2011, 12:20:58 AM

Title: Static route, over IPSEC VPN with remote gateway
Post by: Brasse on February 03, 2011, 12:20:58 AM

Hello!

I am trying to setup a static route over an IPSEC VPN tunnel.

So.. we have two offices, one in Sweden and one in Estonia, that we have connected with IPSEC VPN (2*DFL-800). And that tunnel works great.

So basicly we have 2 nets.
Sweden: 192.168.1.0/24
Estonia:  192.168.21.0/24
And two different IP-addresses (to the internet) lets say for example:
Sweden: 11.11.11.11
Estonia: 22.22.22.22

What i am trying to accomplish is that when a computer in sweden(11.11.11.11) connects to a specific IP on the internet(lets say 33.33.33.33), that computer should show up as 22.22.22.22 on 33.33.33.33's log file.

Basicly i want to use the internet connection in Estonia from Sweden, when i am connecting to a specific computer(IP) on the internet.


(http://dump.brasse.se/static_route_table.png)
(http://dump.brasse.se/static_route_ip_rule.png)

StaticTarget_net would in this case be 33.33.33.0/24


Theese settings does not work, and i cant figure out where i've gone wrong..

Here is a snippet from the log file:     (192.168.1.110 is my computer from which i did a traceroute)

Code: [Select]

[2011-02-03 09:19:24] FW: IP_PROTO: prio=3 id=07000014 rev=1 event=ttl_low action=drop ttl=1 ttlmin=5 rule=TTLOnLow recvif=lan srcip=192.168.1.110 destip=33.33.33.33 ipproto=UDP ipdatalen=40 srcport=34322 destport=33435 udptotlen=40

Could someone please help?

Title: Re: Static route, over IPSEC VPN with remote gateway
Post by: juanjo on February 04, 2011, 02:34:31 AM

Hello:

I'm not sure but check this:

Goto Sweden

1.- Delete routes created by your self.
2.- Goto Interfaces->Ethernet->Lan
3.- In the configuration on the Lan interface, configure Default Gateway of the Lan interface to the local IP address of the firewall of the Estonia.

Good Luck

Title: Re: Static route, over IPSEC VPN with remote gateway
Post by: Brasse on February 04, 2011, 03:38:43 AM

That would make all internet traffic go through the internet connection in Estonia, that would be a nightmare.


i want all internet traffic to ONE specific IP-address to go through the internet connection in estonia, not ALL internet traffic.

Title: Re: Static route, over IPSEC VPN with remote gateway
Post by: juanjo on February 04, 2011, 04:13:53 AM

Quote from: Brasse on February 04, 2011, 03:38:43 AM

That would make all internet traffic go through the internet connection in Estonia, that would be a nightmare.


i want all internet traffic to ONE specific IP-address to go through the internet connection in estonia, not ALL internet traffic.

Ohh, excuse me.

I misunderstood you, sorry please

Title: Re: Static route, over IPSEC VPN with remote gateway
Post by: Brasse on February 04, 2011, 04:17:43 AM

No harm done, no need to excuse yourself .. thanks for the effort though :)