Route All traffic for GVC users with WAN Failover.

This configuration allows you to configure "Route-all" when WAN failover is configured.

Resolution for SonicOS 7.X

This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.

How to configure Wan GroupVPN in Route All mode: WAN GroupVPN Route All Traffic Policy

After configuring WAN GroupVPN in route All Traffic mode, NAT policies need to be configured on all WAN IPs.

If two WANs (X1 and X2) are configured in Basic failover mode, we must create NAT policy on both interfaces. The general NAT we create for " route All Traffic mode" is as:

• Original Source:   Any
• Translated Source:  X1 IP
• Original Destination:  Any
• Translated Destination:  Original
• Original Service:  Any
• Translated Service:  Original
• Inbound Interface:  X1
• Outbound Interface:  X1

As two WANs are configured in Basic failover method, two scenarios arise:

Scenario 1:
If X1 is the primary WAN, and the GVC user is using X1 WAN IP to connect, then the above NAT will work. But if the User is using X2 WAN IP to connect to GVC then Inbound Interface will be X2.

• Original Source:   Any
• Translated Source:  X1 IP
• Original Destination:  Any
• Translated Destination:  Original
• Original Service:  Any
• Translated Service:  Original
• Inbound Interface:  X2
• Outbound Interface:  X1

Scenario 2:
X2 is primary WAN and and the user is using X2 WAN IP to connect, then the above NAT will be as:

• Original Source:   Any
• Translated Source:  X2 IP
• Original Destination:  Any
• Translated Destination:  Original
• Original Service:  Any
• Translated Service:  Original
• Inbound Interface:  X2
• Outbound Interface:  X1

If user is using X1 WAN IP to connect to GVC as X2 is primary WAN, then NAT will be as:

• Original Source:   Any
• Translated Source:  X2 IP
• Original Destination:  Any
• Translated Destination:  Original
• Original Service:  Any
• Translated Service:  Original
• Inbound Interface:  X1
• Outbound Interface:  X2

In order to connect to GVC when failover is configured for two WAN interfaces, we need to configure 4 NAT policies. If WAN Failover is configured in three WAN interfaces, then six NAT policies need to be configured.