GersonEx

asked on

Routing Branch Site Internet Traffic Through Headquarters

I have a VPN between 2 sites connected by a private point-to-point link. Now I need to find a way to allow the Internet traffic from the branch through the main firewall, since they don't have another source of Internet access.

I am using a SonicWall TZ 300 in the branch and an NSA 3600 in the HQ.
I will need a static route (default route) from the branch to HQ, but I am not sure what kind of policies I need in the HQ to make this configuration work (NAT and firewall policies).

Both LANs have a different network address: BRANCH is 176.16.20.0/24 and HQ is 192.168.0.0/24.
Firewall policies? Well, since it is a private link and not even the client knows the services they are using (phones, web server, mail, several custom software packages, etc.), everything is allowed.
Regarding NAT, how should the rule be?

X3 is my private link, X1 is the WAN to the Internet, and X0 is my HQ LAN.

Original Source: X3
Translated Source: Original
Original Destination: X1
Translated Destination: Original
Original Service: HTTP
Translated Service: Original
Inbound Interface: X3
Outbound Interface: X1


Is that good? Or is there another solution?
Carl Dula

GersonEx

ASKER

With the L2TP part I am kinda confused, since I am not using that in my solution. So I will try everything else after L2TP.
Hi There,

As far as I understand, even now, without the VPN, your entire HQ internet traffic flows out via the HQ office.

Now all you need to do, as far as I understand, is to encrypt the entire traffic from branch to headquarters, including the traffic destined for the internet.

Follow the below article for S2S VPN config:
http://itgroove.net/thebeagle/2013/10/19/sonicwall-site-to-site-vpn-the-easy-way/

Ideally while defining the phase 2 for the branch office, the destination should be replaced with ANY.

I hope this should work.
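To make the two decisions in this thread concrete (the HQ NAT rule the asker sketched in the question, and the phase 2 "destination ANY" selector suggested in the answer above), here is a small model of both written as an added example. It is not SonicWall code and not anything the posters wrote: the subnets are the ones from the question, the X1 WAN address 203.0.113.10 is a constructed placeholder, the NAT policy dictionaries are my own representation of the fields the asker listed (service is not modelled), and "Original Destination: X1" is interpreted as "any destination reached via X1".

```python
"""Illustrative model of branch-to-internet-via-HQ (added example, not SonicWall code).

Decision 1, branch firewall: does a packet's destination fall inside the
VPN policy's remote-network selector?  With the selector set to ANY
(0.0.0.0/0) both HQ-LAN and internet traffic enter the tunnel.

Decision 2, HQ firewall: traffic arriving from the branch and leaving on
the WAN (X1) is matched against the NAT policies.  Two variants are shown:
the rule as posted (translated source = original) and a variant that
translates the source to the X1 address, which is what an outbound NAT
for internet access normally does.
"""
from ipaddress import ip_address, ip_network

BRANCH_LAN = ip_network("176.16.20.0/24")   # from the question
HQ_LAN = ip_network("192.168.0.0/24")        # from the question
X1_ADDRESS = ip_address("203.0.113.10")      # constructed placeholder (TEST-NET-3)


def branch_vpn_selector_matches(dst, remote_networks):
    """True if dst is inside any remote network of the branch VPN policy."""
    d = ip_address(dst)
    return any(d in ip_network(n) for n in remote_networks)


def _ingress_interface(addr):
    # Map a source address onto the HQ interface it arrives on.
    if addr in BRANCH_LAN:
        return "X3"
    if addr in HQ_LAN:
        return "X0"
    return "X1"


def _egress_interface(addr):
    # Route lookup: HQ LAN via X0, branch via X3, everything else via X1.
    if addr in HQ_LAN:
        return "X0"
    if addr in BRANCH_LAN:
        return "X3"
    return "X1"


def hq_forward(src, dst, nat_policies):
    """Route a packet at HQ and apply the first matching NAT policy.

    Returns (egress_interface, translated_source_as_string).
    """
    s, d = ip_address(src), ip_address(dst)
    ingress, egress = _ingress_interface(s), _egress_interface(d)
    for p in nat_policies:
        if (p["inbound"] == ingress and p["outbound"] == egress
                and s in ip_network(p["original_source"])
                and d in ip_network(p["original_destination"])):
            if p["translated_source"] == "original":
                return egress, str(s)
            return egress, p["translated_source"]
    # No NAT policy matched: forward unchanged.
    return egress, str(s)


# The rule as posted in the question (my dict representation).
HQ_NAT_AS_POSTED = [dict(
    inbound="X3", outbound="X1",
    original_source=str(BRANCH_LAN), original_destination="0.0.0.0/0",
    translated_source="original",
)]

# Same rule, but translating the source to the X1 address on the way out.
HQ_NAT_MASQUERADE = [dict(
    inbound="X3", outbound="X1",
    original_source=str(BRANCH_LAN), original_destination="0.0.0.0/0",
    translated_source=str(X1_ADDRESS),
)]


if __name__ == "__main__":
    internet_host = "198.51.100.7"   # constructed (TEST-NET-2)
    for sel in (["192.168.0.0/24"], ["0.0.0.0/0"]):
        print("selector", sel, "tunnels internet traffic:",
              branch_vpn_selector_matches(internet_host, sel))
    for name, pol in (("as posted", HQ_NAT_AS_POSTED), ("masquerade", HQ_NAT_MASQUERADE)):
        print(name, hq_forward("176.16.20.5", internet_host, pol))
    print("to HQ LAN", hq_forward("176.16.20.5", "192.168.0.10", HQ_NAT_MASQUERADE))
```

Running it shows the point of the "destination ANY" advice: with only 192.168.0.0/24 in the selector, a packet for an internet host never enters the tunnel, so no HQ policy can ever see it. On the HQ side, a packet destined for the HQ LAN leaves on X0 and matches neither policy, while the same branch host's internet-bound packet leaves on X1 and is either passed with its original address (rule as posted) or with the X1 address (masquerade variant).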
I solved this issue. Since I already had a route to the remote networks, I just included all the remote networks in the VPN policy and sent everything to the tunnel.
ASKER CERTIFIED SOLUTION
Ian Arakel