Redundant VPN Connectivity
Configure an Outbound Policy route with the firewall's external IP NAT disabled if destined for remote VPN peer IP.

Example: Select All from Protocol drop down. Source IP (Firewalls external IP), Source port *, Destination (Remote VPN peer IP), Destination port *. Edit primary WAN (Typically WAN1) and disable all NAT.

For redundancy: WAN2, WAN3, etc., can be edited and a static source NAT configured, NAT'ing the firewalls WAN1 IP to a specific IP from WAN2 or WAN3 when destined for a remote VPN peer.

VPN peers must have NAT-T enabled to faciliate proper connectivity where NAT'ing occurs since ESP is a "Portless Protocol"
25 of 63 people found this helpful.   

Powered by LiveZilla Live Help