vRouter 6.6 R6 Routing configuration

Hello, I am having trouble configuring the routing ability with a VPN. I have a Vyatta 5414 vRouter 6.6 R6. eth0 is configured with IP 10.61.113.195/8, eth1 is configured as 6.6.6.179/29. I have configured the system default gateway, DNS, etc., and have internet access and can access the servers on the private (eth0) side. I have a VPN configured and it is up and running. From the Vyatta I can ping my remote hosts over the VPN. My problem is I cannot get the Vyatta to route traffic from the 10.x.x.x network over the VPN. I need traffic coming in from the 10.x.x.x network destined for the 8.8.8.0/24 network to flow over eth1 and be NATed to 6.6.6.179. The remote VPN expects all traffic to come from my public IP of 6.6.6.179. Any help would be greatly appreciated.

Here is the configuration:

set interfaces ethernet eth1 address 6.6.6.179/29
set interfaces ethernet eth0 address 10.61.113.195/8

set vpn ipsec ipsec-interfaces interface eth1
set vpn ipsec ike-group IKE-G0 proposal 1 dh-group 5
set vpn ipsec ike-group IKE-G0 proposal 1 encryption aes256
set vpn ipsec ike-group IKE-G0 proposal 1 hash sha1
set vpn ipsec ike-group IKE-G0 lifetime 86400
set vpn ipsec ike-group IKE-G0 dead-peer-detection interval 60

set vpn ipsec esp-group ESP-G0 pfs disable
set vpn ipsec esp-group ESP-G0 proposal 1 encryption aes256
set vpn ipsec esp-group ESP-G0 proposal 1 hash sha1
set vpn ipsec esp-group ESP-G0 lifetime 28800

set vpn ipsec site-to-site peer 7.7.7.193 authentication mode pre-shared-secret
set vpn ipsec site-to-site peer 7.7.7.193 authentication pre-shared-secret #MySecretKey#
set vpn ipsec site-to-site peer 7.7.7.193 ike-group IKE-G0
set vpn ipsec site-to-site peer 7.7.7.193 default-esp-group ESP-G0
set vpn ipsec site-to-site peer 7.7.7.193 local-address 6.6.6.179

set vpn ipsec site-to-site peer 7.7.7.193 tunnel 0 local prefix 6.6.6.179/32
set vpn ipsec site-to-site peer 7.7.7.193 tunnel 0 remote prefix 8.8.8.0/24

set protocols static route 8.8.8.0/24 next-hop 7.7.7.193

set vpn ipsec nat-traversal enable
set vpn ipsec nat-networks allowed-network 10.0.0.0/8

set nat source rule 10 source address 10.0.0.0/8
set nat source rule 10 destination address 8.8.8.0/24
set nat source rule 10 outbound-interface eth1

I have tried with and without the exclude rule:

set nat source rule 10 exclude
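
A model of how the tunnel 0 prefixes in the configuration above treat a packet, added here as an example and not part of the original post. It assumes source NAT is evaluated before the IPsec policy match; the function names and the sample host addresses are constructed for illustration.

```python
import ipaddress as ip

# Prefixes copied from the posted configuration.
LOCAL_PREFIX = ip.ip_network("6.6.6.179/32")   # tunnel 0 local prefix
REMOTE_PREFIX = ip.ip_network("8.8.8.0/24")    # tunnel 0 remote prefix
NAT_SRC = ip.ip_network("10.0.0.0/8")          # nat source rule 10 source
NAT_DST = ip.ip_network("8.8.8.0/24")          # nat source rule 10 destination
PUBLIC_IP = ip.ip_address("6.6.6.179")         # eth1 address


def source_nat(src, dst, action):
    """Source address after rule 10 (hypothetical helper).

    action is "exclude" (matching traffic is left untouched) or
    "translate" (matching traffic is rewritten to PUBLIC_IP).
    """
    if action not in ("exclude", "translate"):
        raise ValueError(f"unknown NAT action: {action}")
    if src in NAT_SRC and dst in NAT_DST and action == "translate":
        return PUBLIC_IP
    return src


def matches_tunnel(src, dst):
    """True when the packet falls inside the tunnel 0 traffic selectors."""
    return src in LOCAL_PREFIX and dst in REMOTE_PREFIX


def classify(src, dst, action):
    """Return "tunnel", "bypass" or "other" for one packet.

    Assumption: NAT runs first, then the selector match on the result.
    "bypass" means the packet is bound for the remote prefix but is
    outside the selectors, so tunnel 0 does not encrypt it.
    """
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    post_nat = source_nat(src, dst, action)
    if matches_tunnel(post_nat, dst):
        return "tunnel"
    if dst in REMOTE_PREFIX:
        return "bypass"
    return "other"


if __name__ == "__main__":
    # Constructed sample packets: an inside host and the router itself.
    for action in ("exclude", "translate"):
        print(action, classify("10.61.113.10", "8.8.8.20", action))
    print("router", classify("6.6.6.179", "8.8.8.20", "exclude"))
```
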
