How to use "Allow VPN path to take precedence" to force traffic through a VPN tunnel
03/26/2020
Description
This article explains how to use the "Allow VPN path to take precedence" option when you want to use both a static route and a VPN to reach one or several networks. In this configuration, we want to force traffic through the VPN and keep the static route as a backup if the VPN tunnel goes down.
Resolution
There are two behaviors when a VPN's remote network overlaps with the destination of an existing route entry.
1. If the clear text route entry (e.g. ?/24) has a shorter prefix match than the VPN destination network (e.g. ?/30), then the traffic is sent down the VPN tunnel.
2. If the clear text route entry (e.g. ?/30) has a prefix match longer than or equal to the VPN destination network (e.g. ?/24), then the traffic is sent out in the clear, unless the “Allow VPN path to take precedence” checkbox is enabled.
For example:
We configure one VPN tunnel between two SonicWall firewalls. The head's local network is 100.0.0.0/24 and the destination network is 101.0.0.0/24.
1. We add a static route to destination network "101.0.0.0/24" with metric 50, and choose "Allow VPN path to take precedence". If "Allow VPN path to take precedence" is selected, the traffic will go through the VPN tunnel. Otherwise, it will go through the static route.
2. We add a static route to destination network "101.0.0.0/28" with metric 50, and choose "Allow VPN path to take precedence". If "Allow VPN path to take precedence" is selected, the traffic will go through the VPN tunnel. Otherwise, it will go through the static route.
3. We add a static route to destination network "101.0.0.0/16" with metric 50. The traffic will go through the VPN tunnel whether or not "Allow VPN path to take precedence" is selected.
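The two behaviors and the three cases above can be modeled in a few lines to review a route table for static routes that would send VPN-destined traffic out in the clear. This is an added example, not SonicWall code: the function names are hypothetical, the static-route fallback when the tunnel is down is an assumption taken from the Description, and the 10.0.0.0/8 route is constructed sample data.

```python
import ipaddress

def egress_path(route_dst, vpn_dst, vpn_precedence, tunnel_up=True):
    """Model of the rules stated in this article.

    Returns "vpn" or "static" for traffic matched by both entries,
    or None when the two networks do not overlap (the rules do not apply).
    """
    route = ipaddress.ip_network(route_dst)
    vpn = ipaddress.ip_network(vpn_dst)
    if not route.overlaps(vpn):
        return None
    if not tunnel_up:
        # Assumption from the Description: the static route is the backup path.
        return "static"
    if route.prefixlen < vpn.prefixlen:
        # Behavior 1: clear text route is less specific than the VPN network.
        return "vpn"
    # Behavior 2: equal or more specific route wins unless the checkbox is set.
    return "vpn" if vpn_precedence else "static"

def cleartext_overrides(static_routes, vpn_dsts):
    """Return (route, vpn) pairs that leave unencrypted while the tunnel is up."""
    findings = []
    for dst, precedence in static_routes:
        for vpn in vpn_dsts:
            if egress_path(dst, vpn, precedence) == "static":
                findings.append((dst, vpn))
    return findings

if __name__ == "__main__":
    vpn_networks = ["101.0.0.0/24"]  # VPN destination network from the example
    # (destination, "Allow VPN path to take precedence" checked?)
    routes = [
        ("101.0.0.0/24", False),  # case 1, checkbox cleared
        ("101.0.0.0/28", True),   # case 2, checkbox set
        ("101.0.0.0/16", False),  # case 3, shorter prefix
        ("10.0.0.0/8", False),    # constructed: unrelated route, no overlap
    ]
    for dst, vpn in cleartext_overrides(routes, vpn_networks):
        print(f"route {dst} bypasses VPN network {vpn}: traffic sent in the clear")
```

Only the first route is reported: it matches the VPN network exactly and has the checkbox cleared.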
Procedure:
Step 1: Log on to the firewall. In "Network > Routing", open your "Route Policies".
Step 2: In "Add Route Policy", set the Metric to "50" and check the "Allow VPN path to take precedence" box.
Step 3: Click OK.