Tbgaz
Participant

Domain Based VPN Domain Routing Questions


Hi everyone. I'm trying to set up routing from a branch office to AWS via another office. I've read up on Domain Based VPN and I have some questions about it. All of our gateways are in a meshed community. On the CP article it mentions that the 'accept all encrypted traffic' box should be set within the community settings (we have it unticked).

Is this going to break VPN tunnels between all of our offices if I do this? I understand that I need to edit the vpn_routing.conf file on the security management server and then install policy on the relevant gateway.

I have also read from other sources that the subnet in AWS will have to be added to the VPN domain of the gateway that the branch gateway forwards the traffic to/receives from. Is this correct?

Finally, if I only make the change to the conf file on the SMS, how likely is it that something will go wrong? I've not done this before so I don't want to bring everything crashing down!

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin

“accept all encrypted traffic” shouldn’t break VPN tunnels and you will need to add the relevant AWS subset to the encryption domain of the relevant gateway.

If you edit the file incorrectly and push to the gateways, there is a risk it could be disruptive.
You might want to do it during a maintenance window.


0 Kudos
2 Replies
Tbgaz
Participant

Thanks PhoneBoy. The change was made and, although traffic isn't successfully passing through yet, there aren't any major issues as a result of the change!

0 Kudos