Overview: This article explains how to route traffic from SSL VPN remote clients over an IPSEC VPN.
Applicable Versions: UTMv2.0 and above
Scenario:
1: The customer has configured an IPSEC VPN between two locations, for example “Head Office” and “Branch”.
2: The customer has an SSL VPN configured at one of these locations (“Head Office” in the diagram below) and wants to access the network at “Branch” from an SSL VPN remote client.
Diagram:
Head Office:
LAN ETH0: 192.168.1.0/24
WAN ETH1: 192.168.2.100
SSL VPN configured at Head Office with Virtual network 10.10.10.0/24
Branch Office:
LAN ETH0: 192.168.0.0/24
WAN ETH1: 192.168.3.100
Step 1: At the Head Office end, add the SSL VPN virtual network 10.10.10.0/24 to the local networks of the IPSEC VPN.
Step 2: At the Branch Office end, add the SSL VPN virtual network 10.10.10.0/24 to the remote networks of the IPSEC VPN.
Step 3: Add the route to the remote IPSEC network in the SSL VPN remote client configuration, under Additional Command, as shown in the image below.
Step 4: Create a VPN-to-VPN any rule on the devices at both ends. Also create a UTM-to-WAN rule with SNAT, with the remote end's local network in the destination zone.
The IP address to use for SNAT is the SSL VPN remote server gateway. To find the gateway IP, open the CLI and run the command ifconfig.
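An offline consistency check for Steps 1 to 3, as an added example that is not part of the original article or of the UTM's own tooling. The function names and the dictionary layout are assumptions; the addresses are those of the scenario above. It goes slightly beyond the steps by also flagging an SSL VPN pool that overlaps either LAN and local/remote network lists that do not mirror each other across the tunnel.

```python
import ipaddress

def covered(target, nets):
    """True if target lies inside at least one network in nets."""
    return any(target.subnet_of(n) for n in nets)

def check_design(ssl_pool, ho_lan, branch_lan, ho_ipsec, branch_ipsec, client_routes):
    """Return a list of problems; an empty list means Steps 1-3 are consistent."""
    net = ipaddress.ip_network
    pool, ho, br = net(ssl_pool), net(ho_lan), net(branch_lan)
    ho_local = [net(n) for n in ho_ipsec["local"]]
    ho_remote = [net(n) for n in ho_ipsec["remote"]]
    br_local = [net(n) for n in branch_ipsec["local"]]
    br_remote = [net(n) for n in branch_ipsec["remote"]]
    routes = [net(n) for n in client_routes]
    problems = []
    if not covered(pool, ho_local):
        problems.append("step1: SSL VPN pool missing from Head Office IPSEC local networks")
    if not covered(pool, br_remote):
        problems.append("step2: SSL VPN pool missing from Branch IPSEC remote networks")
    if not covered(br, routes):
        problems.append("step3: Branch LAN is not routed to the SSL VPN client")
    if not (covered(br, ho_remote) and covered(br, br_local)):
        problems.append("tunnel: Branch LAN missing from the existing IPSEC networks")
    # Each end's local list should equal the other end's remote list.
    if set(ho_local) != set(br_remote) or set(ho_remote) != set(br_local):
        problems.append("mirror: local/remote networks differ between the two ends")
    # An overlapping pool makes routing between client and LAN hosts ambiguous.
    for name, lan in (("Head Office", ho), ("Branch", br)):
        if pool.overlaps(lan):
            problems.append(f"overlap: SSL VPN pool overlaps the {name} LAN")
    return problems

# Addresses from the article; the dict layout is constructed for this example.
HO_IPSEC = {"local": ["192.168.1.0/24", "10.10.10.0/24"], "remote": ["192.168.0.0/24"]}
BR_IPSEC = {"local": ["192.168.0.0/24"], "remote": ["192.168.1.0/24", "10.10.10.0/24"]}
BR_STEP2_SKIPPED = {"local": ["192.168.0.0/24"], "remote": ["192.168.1.0/24"]}

if __name__ == "__main__":
    args = ("10.10.10.0/24", "192.168.1.0/24", "192.168.0.0/24")
    print(check_design(*args, HO_IPSEC, BR_IPSEC, ["192.168.0.0/24"]))
    for problem in check_design(*args, HO_IPSEC, BR_STEP2_SKIPPED, ["192.168.0.0/24"]):
        print(problem)
```

An empty list means the SSL VPN pool is present on both IPSEC ends and the client has a route to the Branch LAN; the firewall rules from Step 4 are not modelled here.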