Default route internet access within service VPN

HarrySandars
Level 1
Hi all,

I was wondering if someone could advise on this please

Is it bad practice to have an internet breakout (default route) within a service VPN as opposed to in VPN0? I understand tunnels and control connections won't ever be formed through this internet breakout, but that is not required. The reason for doing this is so traffic can hit the firewall with the source address intact rather than being overwritten by the NAT that occurs when breaking out from service VPN -> VPN0, as well as to allow traffic within this site to take a more efficient path rather than all internet traffic being routed via the cEdge, and finally to lower the complexity of adding the edge to this network.

I know it works in a lab environment.

Cheers

1 Reply

Hi,

Technically, that looks like a normal way to do it. In general, it is OK to have two different devices for different exit points: one for the WAN, another for the internet exit point. If you have a main core switch on site, you may route directly to the firewall rather than hairpinning via the cEdge.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.
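To make the two designs in the question concrete, here is an illustrative IOS-XE (cEdge) configuration fragment contrasting them. This is an added example, not configuration from the poster or the reply; the VRF number (10), the firewall address (10.10.0.254), the LAN prefix (10.10.0.0/16) and the transport interface name (GigabitEthernet1) are assumptions, and the NAT DIA lines follow the shape of vManage-generated DIA configuration rather than any config on this page.

```cisco
! --- Option A: default route inside the service VPN (the design the question describes) ---
! Assumed: service VPN 10 is VRF 10 and the firewall's inside interface (10.10.0.254)
! is reachable on the LAN side of the cEdge. No NAT is applied on the cEdge, so the
! firewall logs the original host source address. Control connections and IPsec tunnels
! are unaffected: they are built only from VPN 0, never through this route.
ip route vrf 10 0.0.0.0 0.0.0.0 10.10.0.254
!
! --- Option B: NAT DIA from service VPN 10 via VPN 0 (what the question wants to avoid) ---
! Assumed: GigabitEthernet1 is the VPN 0 internet transport. The service-VPN default is
! leaked into the global table (VPN 0) and sources are overloaded behind Gi1's address,
! so anything beyond the transport sees Gi1's IP rather than the host's.
interface GigabitEthernet1
 ip nat outside
!
ip access-list standard nat-dia-vpn-hop-access-list
 10 permit 10.10.0.0 0.0.255.255
!
ip nat inside source list nat-dia-vpn-hop-access-list interface GigabitEthernet1 overload
ip nat route vrf 10 0.0.0.0 0.0.0.0 global
```

To confirm which path a host's internet traffic is actually taking, check `show ip route vrf 10 0.0.0.0` (under Option A the next hop is the firewall, under Option B the route is marked as leaked to the global table) and `show ip nat translations` (under Option A no translation entries appear for LAN-to-internet flows). With Option A the firewall, not the cEdge, is the security boundary for internet traffic, so the default route advertised into OMP from this site should be reviewed so other sites do not unintentionally use it as a transit exit.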