Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Jonathan_Lobl
Explorer

Sending wired and wireless internet different directions

I have a customer that wants to route wired traffic in their branch over a star VPN to headquarters as well as through to the internet.  There is a star vpn routing option to do just that. (To center, or through the center to other satellites, to internet and other VPN targets)

 

Their 1550 appliance at the branch office also has wireless in addition to wired.  They want that wireless to be like a guest wireless and just go straight out to the internet from that box.

 

I figured that if that branch’s wireless network source is not included in the branch’s encryption domain that it might work.

 

Spoiler, I just tried it and it gave me an error, “encryption failure: Clear text packet should be encrypted.”

 

My feeling is that it might be a limitation of the VPN routing option and that all traffic either goes over the VPN tunnel or is just dropped, but that doesn’t sound right to me.

 

Has anyone tried this and was able to make it work?

 

Jonathan

0 Kudos
2 Replies
PhoneBoy
Admin
Admin

By default, the encryption domain (i.e. what goes over the VPN) includes all networks.
Sounds like you need to manually define it here:

Screen Shot 2020-06-14 at 12.23.51 AM.png

0 Kudos
Jonathan_Lobl
Explorer

Thanks,

I convinced them to just route all internet from the branch with the same filtering policy as central and this issue went away.

Thanks anyways.

 

0 Kudos