Hi all,
I have a problem where I can't both have full connectivity between the dial-in VPN (L2TP over IPSec) and our VPN tunnel to Microsoft Azure, and at the same time allow external traffic to be routed to the dial-in VPN clients. The problem seems to be how Policy Routing is configured.
Early in the configuration process, before the tunnel to Azure was established, I created the following Policy Routing rule to allow external traffic to be routed. It worked perfectly fine. Users connected via L2TP were able to reach internal and external resources over the tunnel.
Status: Activated
User: Any
Incoming: NET-VPN-DIALIN (10.151.3.0/24)
Source: Any
Destination: Any
DSCP Code: Any
Service: Any
Source port: Any
Next-hop: Auto
DSCP Marking: preserve
SNAT: outgoing-interface
However, when I created the Windows Azure IPSec tunnel (10.151.12.0/22) I noticed that no traffic was routed between the dial-in clients and the Azure subnets. I thought this was a firewalling issue, but after a while realized that it was the above Policy Route rule.
When disabling it, the traffic between these subnets works just fine, but then external traffic stops working.
Now, how would you configure a Policy Route to both allow and route
a) Traffic between the dial-in subnet (10.151.3.0/24) and Windows Azure (10.151.12.0/22).
b) Route external traffic to dial-in users.
Thanks in advance!
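An added illustration, not part of the original post and not any vendor's configuration syntax: a small Python model of how a top-down, first-match policy-route table would treat the two flows the poster cares about. The rule names, the documentation address 203.0.113.7, and the "specific exception above the catch-all" table are assumptions for the sake of the example; only the two subnets and the catch-all rule's fields come from the post. The model also assumes that a rule which SNATs dial-in traffic to the outgoing interface will not match the site-to-site tunnel's 10.151.3.0/24 <-> 10.151.12.0/22 selectors once the source has been rewritten, which is a likely explanation for the symptom described.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Subnets quoted in the post.
DIALIN = ipaddress.ip_network("10.151.3.0/24")
AZURE = ipaddress.ip_network("10.151.12.0/22")
ANY = ipaddress.ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class PolicyRoute:
    """One policy-route entry, reduced to the fields the post lists."""
    name: str
    incoming: ipaddress.IPv4Network    # network the packet arrives from
    destination: ipaddress.IPv4Network
    next_hop: str                      # "auto" = fall back to the routing table
    snat: bool                         # True = rewrite source to outgoing interface

    def matches(self, src: ipaddress.IPv4Address, dst: ipaddress.IPv4Address) -> bool:
        return src in self.incoming and dst in self.destination


def lookup(table: List[PolicyRoute], src: str, dst: str) -> Optional[PolicyRoute]:
    """Top-down, first-match evaluation (assumed semantics; confirm on your device)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in table:
        if rule.matches(s, d):
            return rule
    return None


# The single rule from the post: everything from the dial-in subnet, SNAT on.
CATCH_ALL = PolicyRoute("dialin-to-any", DIALIN, ANY, "auto", snat=True)

# Hypothetical exception for dial-in -> Azure: keep the real source address so
# the IPsec tunnel's selectors still match. It only helps if it sits ABOVE the
# catch-all; a first-match table never reaches a rule shadowed by a broader one.
DIALIN_TO_AZURE = PolicyRoute("dialin-to-azure", DIALIN, AZURE, "auto", snat=False)

ORIGINAL_TABLE = [CATCH_ALL]
FIXED_TABLE = [DIALIN_TO_AZURE, CATCH_ALL]
WRONG_ORDER = [CATCH_ALL, DIALIN_TO_AZURE]   # exception is unreachable here


def describe(table: List[PolicyRoute], src: str, dst: str) -> str:
    """Human-readable outcome for one flow against one table."""
    rule = lookup(table, src, dst)
    if rule is None:
        return "no policy route; normal routing"
    return f"{rule.name} (snat={'on' if rule.snat else 'off'})"


def compare_tables() -> dict:
    """Which rule each constructed sample flow hits in each candidate table."""
    flows = {
        "dialin->azure": ("10.151.3.10", "10.151.12.5"),
        "dialin->internet": ("10.151.3.10", "203.0.113.7"),   # constructed external host
    }
    tables = (("original", ORIGINAL_TABLE), ("fixed", FIXED_TABLE), ("wrong_order", WRONG_ORDER))
    return {
        flow_name: {label: describe(table, *flow) for label, table in tables}
        for flow_name, flow in flows.items()
    }


if __name__ == "__main__":
    for flow_name, result in compare_tables().items():
        print(flow_name, result)
```

Running it shows the dial-in to Azure flow hitting the SNAT catch-all in both the original and the wrong-order tables, and only the fixed ordering letting that flow through untranslated while Internet-bound traffic still gets the SNAT rule. Whatever the device, the check to make before and after changing the rule is the same one the model does: trace one dial-in to Azure packet and one dial-in to Internet packet through the table and confirm which entry each one stops at.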