topic Re: Site to Site VPN issue on 770 Appliance in Spark Firewall (SMB)

Site to Site VPN issue on 770 Appliance

KevinA — Fri, 07 Aug 2020 00:07:22 GMT

Hi All,

We have configured a Site to Site VPN on our 770 appliance with one of our partners, and everything works fine.

However their is an issue accessing a web site which resolves to the same public IP as the VPN tunnel. For some reason the CP is sending the traffic to the VPN tunnel and not out the internet.

Has anyone faced this before? or any ideas?

Thanks,

Kevin

Re: Site to Site VPN issue on 770 Appliance

G_W_Albrecht — Fri, 07 Aug 2020 07:49:03 GMT

A public routable IP can exist only once, so there is something very fishy going on here and i must not comment...

Re: Site to Site VPN issue on 770 Appliance

KevinA — Fri, 07 Aug 2020 08:59:18 GMT

Hi @G_W_Albrecht ,

Sorry if my question / description of the issue was not clear.

The web site that cannot be accessed is also hosted by the same partner that we have the Site-to-Site terminating on.

(So the Tunnel IP is the same for the URL - they have got some kind of portforward set up on their end)

Unfortunately they cannot/will not let us access the URL via the private IP.

Thanks,

Re: Site to Site VPN issue on 770 Appliance

G_W_Albrecht — Fri, 07 Aug 2020 10:20:25 GMT

You can exclude the peers routable IP from Enc Domain, that is, let all connections from internal networks to the public IP go thru Internet, see sk86582: Excluding subnets in encryption domain from accessing a specific VPN community, then this traffic will go thru internet. Strange, but possible...

Please refer to Locally managed SMBs and .def files for implementation !

Re: Site to Site VPN issue on 770 Appliance

KevinA — Tue, 11 Aug 2020 01:45:52 GMT

I owe u a beer mate 🙂