How to route a traffic from IPSec (Site-to-Site VPN) to Internet

lee_sarawut

I've requirement to set all traffic from a few branches routed to HQ or IT center. Each branch is IPsec VPN site-to-site to HQ and disable split-tunnel. All traffic will be controlled/monitored by HQ before pass-through Internet and/or some internal hosts. So I'd appreciate if you can provide a solution how to add the branch subnets routing and policy on the HQ firewall. Suppose branches subnets are 192.168.10.0/24 and 192.168.11. 0/24; HQ subnets are 192.168.100.0-102.0/24. The HQ FW is running with HA and SonicOS 7. The HQ FW is connected to MPLS and ADSL links.

MustafaA

Hey @lee_sarawut . Please have a look into the following KB article.

https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-tunnel-all-internet-traffic-over-site-to-site-vpn/170504924710971/

MitatOnge

other hands,

You can create tunnel interface for each branch to HQ and route policy or best way OSPF.

Tunnel Interface KB:

https://www.sonicwall.com/support/knowledge-base/how-can-i-configure-a-tunnel-interface-vpn-route-based-vpn/170505633799556/

OSFP kb:

https://www.sonicwall.com/support/knowledge-base/how-to-create-a-mesh-vpn-network-using-tunnel-interfaces-and-ospf/170505830495228/

Other VPN scenario kb:

https://www.sonicwall.com/support/knowledge-base/types-of-site-to-site-vpn-scenarios-and-configurations/170505702411896/