
I have an SSG5 firewall with some route-based VPNs. I have a LAN, a DMZ, another net and a WAN. How should I make the DMZ use the VPN and not the LAN? I think it's a routing problem. But source routing doesn't solve my problem.

It was easier on my old OpenBSD box because routes were made by the system automatically. I think it was using the VPN (SA/Proxy ID) configuration to configure them.

Thank you!

Maxwell
Matthieu
  • Could you please give more information, as I don't fully understand your question? – Maxwell Aug 12 '09 at 07:33
  • Ok, if I configure a destination route to tell the SSG to send traffic to the VPN, this route will apply to all interfaces. But this route must be used for the DMZ only, not the LAN. Do I need to change my route-based VPN to a policy-based VPN to do this? – Matthieu Aug 12 '09 at 07:58
  • Did you try Policy Based Routing, if available on your SSG? – Maxwell Aug 12 '09 at 08:10

1 Answer


In ScreenOS, you can use PBR (policy-based routing), which operates at the interface level to selectively cause packets to take different paths. PBR ACLs are processed in the first part of the route lookup. This should fit your needs.

Here's the online documentation for PBR routing in ScreenOS 6.1.0.

Maxwell
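To make the answer concrete, here is an added example (not part of the original answer) of what a ScreenOS PBR configuration for this case could look like: DMZ traffic bound for the remote VPN network is steered into the VPN tunnel interface, while LAN traffic to the same destination keeps following the normal route table. Addresses, interface names and the policy/group names are constructed for illustration, and the command syntax is reconstructed from memory of the ScreenOS 6.x PBR reference rather than copied from the page, so check each line against the CLI reference for your release before applying it.

```text
## Assumptions (constructed): DMZ is 192.168.20.0/24 on ethernet0/2,
## the remote VPN network is 10.10.0.0/16, and the route-based VPN is
## already bound to tunnel.1.

## 1. Extended ACL: match only DMZ sources going to the remote VPN network.
set access-list extended 10 src-ip 192.168.20.0/24 dst-ip 10.10.0.0/16 protocol any entry 1

## 2. Match group referencing that ACL entry.
set match-group name dmz-to-vpn
set match-group dmz-to-vpn ext-acl 10 match-entry 1

## 3. Action group: send matching packets out the VPN tunnel interface.
set action-group name via-vpn
set action-group via-vpn next-interface tunnel.1 action-entry 1

## 4. PBR policy tying match group to action group.
set pbr policy name dmz-pbr
set pbr policy dmz-pbr match-group dmz-to-vpn action-group via-vpn 1

## 5. Bind the policy to the DMZ interface only, so LAN (ethernet0/1 etc.)
##    is not affected and still uses the regular route lookup.
set interface ethernet0/2 pbr dmz-pbr

## Verify: confirm the policy is bound and that a DMZ-to-VPN flow is
## matched, e.g. with "get pbr policy" and "get session" on the SSG.
```

A security policy from the DMZ zone to the zone tunnel.1 belongs to is still required for the traffic to be permitted once PBR has chosen the tunnel.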