Post on 14-Feb-2021
Skill Level: Advanced
Policy Routing: Inside / Outside VTI Tunnel
This walkthrough describes the steps necessary to configure policy-based routing and how to control network traffic inside and outside of a VTI tunnel.
Cradlepoint Proprietary and Confidential | ©2014-2015 Cradlepoint, Inc. All Rights Reserved. | Information subject to change without notice.
Topology: [diagram; labels: Internet, IPsec VTI-Tunnel, PCI Network, Remote Office, Headquarters, Corp Network, ECM/Updates, AER2100 (two routers)]
Configuration: Headquarters Local IP Networks & VLAN Interfaces
Configuration: Headquarters IPSec VTI-Tunnel
Default Configuration: Headquarters Policy Routing Configuration
Configuration: Headquarters Policy Routing Configuration
Configuration: Headquarters Enable Force NAT
Configuration: Headquarters Zone Firewall
Configuration: RemoteOffice Local IP Networks & VLAN Interfaces
Configuration: RemoteOffice IPSec VTI-Tunnel
Default Configuration: RemoteOffice Policy Routing Configuration
Configuration: RemoteOffice Build Outside Tunnel Route Table
• Under “Route Tables” select the “Add” button
• Name the new route table “Outside Tunnel”
• Enter “0.0.0.0/0” in the Destination IP/Network Address field
• Select your WAN source from the “Device” dropdown
• Under “Routes” select the “Add” button
Final Result:
Configuration: RemoteOffice Build ECM&Firmware Route Policies
• Under “Route Policies” select the “Add” button
• Select the router service from the “Incoming Device” dropdown
• Select the “Outside Tunnel” table we created earlier
Final Result:
Optional Configuration: RemoteOffice Build Local Router DNS Route Policy
• Under “Route Policies” select the “Add” button
• Select the “lo” device from the “Incoming Device” dropdown
• Select the “Outside Tunnel” table we created earlier
• Enter Google’s DNS (8.8.8.8 & 8.8.4.4) in the Destination IP/Network Address field
Final Result:
Configuration: RemoteOffice Enable Route Policies
[Screenshot labels: Disabled Route Policies; Drag to bottom; Enabled Route Policies]
Configuration: RemoteOffice Zone Firewall
Configuration: RemoteOffice Default Route to VTI Tunnel Policy Routing Configuration
Default Route to HQ VTI
Force remote admin traffic out LTE/3G Modem
X.X.X.X/X = Remote Admin source IP address
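
The RemoteOffice route table and route policies above, modelled as an added example (not Cradlepoint code or configuration) so you can check which flows bypass the VTI before enabling the policies. The device names "wan", "vti" and "lan", the "main" table name, first-match policy ordering and the sample flows are assumptions; the remote admin policy is left out because its X.X.X.X/X value is a placeholder.

```python
import ipaddress

# Constructed model. Device names ("wan", "vti", "lan") and first-match
# policy ordering are assumptions, not Cradlepoint's implementation.
ROUTE_TABLES = {
    "Outside Tunnel": [("0.0.0.0/0", "wan")],  # table built in the walkthrough
    "main": [("0.0.0.0/0", "vti")],            # default route to HQ VTI
}

# (incoming device, destination network or None for any, route table)
ROUTE_POLICIES = [
    ("router-service", None, "Outside Tunnel"),  # ECM and firmware traffic
    ("lo", "8.8.8.8/32", "Outside Tunnel"),      # router's own DNS lookups
    ("lo", "8.8.4.4/32", "Outside Tunnel"),
]


def select_table(incoming, dst):
    """Return the table of the first policy matching device and destination."""
    addr = ipaddress.ip_address(dst)
    for device, network, table in ROUTE_POLICIES:
        if device != incoming:
            continue
        if network is None or addr in ipaddress.ip_network(network):
            return table
    return "main"


def egress(incoming, dst):
    """Longest-prefix match inside the selected table; None if no route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for network, device in ROUTE_TABLES[select_table(incoming, dst)]:
        net = ipaddress.ip_network(network)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, device)
    return best[1] if best else None


def outside_tunnel(flows):
    """List the (incoming device, destination) flows that bypass the VTI."""
    return [flow for flow in flows if egress(*flow) == "wan"]


# Constructed sample flows: LAN client, router DNS, other loopback, ECM check-in.
SAMPLE_FLOWS = [("lan", "203.0.113.10"), ("lo", "8.8.8.8"),
                ("lo", "198.51.100.7"), ("router-service", "192.0.2.50")]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", egress(*flow))
```

Any flow returned by `outside_tunnel` that is not router management or the two DNS destinations indicates a policy that is broader than intended.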