KevinA
Participant

Site to Site VPN issue on 770 Appliance

Hi All,

 

We have configured a Site to Site VPN on our 770 appliance with one of our partners, and everything works fine.

However, there is an issue accessing a web site which resolves to the same public IP as the VPN tunnel. For some reason the CP is sending the traffic to the VPN tunnel and not out to the internet.

Has anyone faced this before? Or any ideas?

 

Thanks,

Kevin

 

G_W_Albrecht
Legend

A public routable IP can exist only once, so there is something very fishy going on here and I must not comment...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
KevinA
Participant

Hi @G_W_Albrecht ,

Sorry if my question / description of the issue was not clear.

The web site that cannot be accessed is also hosted by the same partner that we have the Site-to-Site terminating on.

(So the Tunnel IP is the same for the URL - they have got some kind of port forward set up on their end)

Unfortunately they cannot/will not let us access the URL via the private IP.

Thanks,

G_W_Albrecht
Legend

You can exclude the peer's routable IP from Enc Domain, that is, let all connections from internal networks to the public IP go thru Internet, see sk86582: Excluding subnets in encryption domain from accessing a specific VPN community, then this traffic will go thru internet. Strange, but possible...

Please refer to Locally managed SMBs and .def files for implementation!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
KevinA
Participant
I owe u a beer mate 🙂