  • Skill Level: Advanced

    Policy Routing: Inside / Outside VTI Tunnel

    This walkthrough describes the steps necessary to configure policy-based routing and to control which network traffic goes inside and outside of a VTI tunnel.

  • Cradlepoint Proprietary and Confidential | ©2014-2015 Cradlepoint, Inc. All Rights Reserved. | Information subject to change without notice.

  • Topology:

    [Topology diagram. Labels: Internet, IPsec VTI-Tunnel, PCI Network, Corp Network, ECM/Updates, Remote Office, Headquarters, AER2100 (two routers).]

  • Configuration: Headquarters - Local IP Networks & VLAN Interfaces

  • Configuration: Headquarters - IPSec VTI-Tunnel

  • Default Configuration: Headquarters - Policy Routing Configuration

  • Configuration: Headquarters - Policy Routing Configuration

  • Configuration: Headquarters - Enable Force NAT

  • Configuration: Headquarters - Zone Firewall

  • Configuration: RemoteOffice - Local IP Networks & VLAN Interfaces

  • Configuration: RemoteOffice - IPSec VTI-Tunnel

  • Default Configuration: RemoteOffice - Policy Routing Configuration

  • Configuration: RemoteOffice - Build Outside Tunnel Route Table

    • Under “Route Tables” select the “Add” button

    • Name the new route table “Outside Tunnel”

    • Enter “0.0.0.0/0” in the Destination IP/Network address field

    • Select your WAN source from the “Device” dropdown

    • Under “Routes” select the “Add” button

    Final Result: [screenshot]

  • Configuration: RemoteOffice - Build ECM & Firmware Route Policies

    • Under “Route Policies” select the “Add” button

    • Select the router service from the “Incoming Device” dropdown

    • Select the “Outside Tunnel” table we created earlier

    Final Result: [screenshot]

  • Optional Configuration: RemoteOffice - Build Local Router DNS Route Policy

    • Under “Route Policies” select the “Add” button

    • Select the “lo” device from the “Incoming Device” dropdown

    • Select the “Outside Tunnel” table we created earlier

    • Enter Google’s DNS (8.8.8.8 & 8.8.4.4) in the Destination IP/Network Address field

    Final Result: [screenshot]

  • Configuration: RemoteOffice - Enable Route Policies

    [Screenshot callouts: Disabled Route Policies; Drag to bottom; Enabled Route Policies]

  • Configuration: RemoteOffice - Zone Firewall

  • Configuration: RemoteOffice - Default Route to VTI Tunnel Policy Routing Configuration

    • Default Route to HQ VTI

    • Force remote admin traffic out LTE/3G Modem

    • X.X.X.X/X = Remote Admin source IP address
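
The Remote Office result can be checked offline with a small model of the route table and route policies built above. This is an added example, not Cradlepoint code or configuration: the device names "router-services", "wan", "vti" and "lan", the table name "main", the first-match policy order and the sample flows are assumptions made for illustration. It lists which flows leave outside the tunnel so that anything unexpected stands out.

```python
import ipaddress

# Route tables: name -> list of (destination prefix, egress device).
# "wan" and "vti" are placeholder device names (assumptions).
ROUTE_TABLES = {
    "Outside Tunnel": [("0.0.0.0/0", "wan")],
    "main": [("0.0.0.0/0", "vti")],  # default route to the HQ VTI tunnel
}

# Route policies in evaluation order (first match wins: an assumption); None = any.
POLICIES = [
    {"name": "ECM & firmware", "incoming": "router-services", "dst": None, "table": "Outside Tunnel"},
    {"name": "Router DNS 1", "incoming": "lo", "dst": "8.8.8.8/32", "table": "Outside Tunnel"},
    {"name": "Router DNS 2", "incoming": "lo", "dst": "8.8.4.4/32", "table": "Outside Tunnel"},
]

def lookup(table, dst_ip):
    """Longest-prefix match in one route table; returns the egress device or None."""
    best = None
    for prefix, dev in ROUTE_TABLES[table]:
        net = ipaddress.ip_network(prefix)
        if dst_ip in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, dev)
    return best[1] if best else None

def egress(incoming, dst):
    """Return (policy name, egress device); the first matching policy selects the table."""
    dst_ip = ipaddress.ip_address(dst)
    for p in POLICIES:
        dev_ok = p["incoming"] in (None, incoming)
        dst_ok = p["dst"] is None or dst_ip in ipaddress.ip_network(p["dst"])
        if dev_ok and dst_ok:
            return p["name"], lookup(p["table"], dst_ip)
    return "default", lookup("main", dst_ip)

def outside_tunnel(flows):
    """Audit helper: the flows that bypass the VTI tunnel."""
    return [f for f in flows if egress(*f)[1] != "vti"]

# Constructed sample flows: (incoming device, destination IP).
FLOWS = [
    ("router-services", "203.0.113.10"),  # router management / update traffic
    ("lo", "8.8.8.8"),                    # the router's own DNS lookup
    ("lo", "192.0.2.53"),                 # router-originated, other destination
    ("lan", "8.8.8.8"),                   # LAN client DNS query
    ("lan", "203.0.113.10"),              # LAN client to the Internet
]
```

Only the router-service and router DNS flows should appear in `outside_tunnel(FLOWS)`; a LAN flow showing up there would mean client traffic is leaving without the tunnel.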