10-30-2025 09:22 AM
I hope someone can help me find an answer to this scenario. We have another organization with which we have a site-to-site tunnel. This tunnel is located at our home office. Our remote sites have site-to-site tunnels to the home office. The other organization has provided us access to a resource via their VPN, but that resource uses an externally routable IP address.
At the Home Office location, access to the third-party resource works as it hits the firewall, and this request is then sent out through the tunnel to the third-party site.
However, we are trying to route the external IP from the remote site through the Tunnel to the Home Office and then out of the tunnel at the Home Office to the third party. This is just not working. Instead, because it is an externally routable IP, the firewall at the remote site sends out to the internet.
Has anyone successfully set up such a scenario, and if so, how did you achieve this?
10-30-2025 06:07 PM
@rob1456657 Hi, I once did this kind of setup. I had static routes towards the next hop (peer IPsec in head office) and all other traffic configured as interesting traffic for the VPN. You can try that kind of setup here.
11-03-2025 07:58 AM
Hi @Kasun Bandara, was the peer IPsec in the head office an internal network IP or an external IP?
11-03-2025 05:13 PM
External IP. By adding a specific static route to those IPs from the branch, the branch router will reach those public IPs directly and negotiate the tunnel.
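An added example, not part of the thread and not any vendor's configuration: a simplified Python model of policy-based (interesting-traffic) selector matching that traces a branch packet through the branch firewall and then the home office firewall. All addresses, tunnel names and function names are constructed for illustration, and the model ignores NAT and the return path.

```python
from ipaddress import ip_address, ip_network

# Constructed addresses (private and documentation ranges), not from the thread.
BRANCH_LAN = "10.20.0.0/24"
HQ_LAN = "10.10.0.0/24"
THIRD_PARTY = "198.51.100.25/32"   # externally routable third-party resource

def matches(selectors, src, dst):
    """True if (src, dst) falls inside any (src_net, dst_net) selector pair."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in ip_network(a) and d in ip_network(b) for a, b in selectors)

def forward(tunnels, src, dst):
    """Return the tunnel whose selectors match, else 'internet' (default route)."""
    for name, selectors in tunnels.items():
        if matches(selectors, src, dst):
            return name
    return "internet"

def path(branch, hq, src, dst):
    """Follow a branch packet hop by hop: branch firewall, then HQ firewall."""
    hops = [forward(branch, src, dst)]
    if hops[0] == "to-hq":
        hops.append(forward(hq, src, dst))
    return hops

# Before: the branch only treats the HQ LAN as interesting traffic.
branch_before = {"to-hq": [(BRANCH_LAN, HQ_LAN)]}
# After: the third-party public IP is added to the branch's interesting traffic.
branch_after = {"to-hq": [(BRANCH_LAN, HQ_LAN), (BRANCH_LAN, THIRD_PARTY)]}
# Variant from the reply: all traffic from the branch LAN is interesting.
branch_all = {"to-hq": [(BRANCH_LAN, "0.0.0.0/0")]}

# HQ must also list the branch LAN as a source on the third-party tunnel,
# otherwise the packet leaves HQ towards the internet unencrypted.
hq_hub = {
    "to-branch": [(HQ_LAN, BRANCH_LAN), (THIRD_PARTY, BRANCH_LAN)],
    "to-third-party": [(HQ_LAN, THIRD_PARTY), (BRANCH_LAN, THIRD_PARTY)],
}
hq_no_hairpin = {
    "to-branch": [(HQ_LAN, BRANCH_LAN)],
    "to-third-party": [(HQ_LAN, THIRD_PARTY)],
}

if __name__ == "__main__":
    for label, b, h in [("before", branch_before, hq_hub),
                        ("after", branch_after, hq_hub),
                        ("no hairpin at HQ", branch_after, hq_no_hairpin)]:
        print(label, path(b, h, "10.20.0.5", "198.51.100.25"))
```

In this model the third party's end of the tunnel would also have to accept the branch LAN as a source, which is a change on their side.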