3 Replies Latest reply on Dec 17, 2015 1:12 AM by lnurmi

    Route traffic between VPN

    rubénares

      Hi all.

       

      I have a NGFW versión 5.9.0 with a Mobile VPN and several site-to-site VPNs.

       

      What's the way to configure this so Mobile VPN users can access hosts througth that VPNs. I've readed that I need to create a Hub Gateway and then add all remote gateways.
      Can this be done without a Hub using only rules to route the traffic?

       

      Regards.

        • 1. Re: Route traffic between VPN
          lnurmi

          Hi,

           

          using hub VPN is one way to do it, like described in the 5.9 product guide (page 1114: https://kc.mcafee.com/agent/index?page=content&id=PD25995). It could probably be done quite easily without hub config too if you have separate VPN elements for client VPN and for site-to-site VPN. Add the clients' virtual IP range as a site to the client VPN gateway, so that the site is only enabled in the S2S VPN, then use Forward VPN access rules to send client VPN traffic to the other sites.

           

          BR,

          Lauri

          • 2. Re: Route traffic between VPN
            seebvey

            Hi,

             

            is it also possible to route traffic from one vpn client to another?

             

            I have connected some Clients with a single McAfee VPN Client policy to the internal Network.

            But is it possible to let the Clients "talk" to each other?

             

            regards

            Sebastian

            • 3. Re: Route traffic between VPN
              lnurmi

              Hi,

               

              indeed it is. You'd need a forward rule like this:

               

              source: Virtual IP range

              destination: Virtual IP range

              service: as needed

              action: Forward VPN -> Client VPN

              authentication: can be left empty, or define specific users/groups if the access should be restricted

              source VPN: Client VPN

               

              The virtual IP range must also be included in the VPN site.

               

              BR,

              Lauri