Below is the Scenario, which was requested recently by one of my customer. They wanted a regular backup being sent to the mail server automatically. It would have been simpler if they wanted backup being sent on the WAN IP of the mail server. Instead, they wanted it over the VPN to the HO and to the mail server behind HO CR:
Here are the steps need to be done on the BO CR (nothing to be configured on the HO CR)
Step 1> Drop the VPN tunnel (do not delete it, just deactivate the tunnel)
Step 2> set advanced-firewall cr-traffic-nat add destination 192.168.1.5 netmask
255.255.255.255 snatip 192.168.2.1
(the above command is used when the CR initiated traffic has to be sent with different source IP address. By default it sends the traffic with WAN IP address and its sent via WAN port. If you have multiple lan interface then choose the interface ip whose subnet has been published in the VPN tunnel. You want to know where else you can use this command: Check out this link)
Step 3> cyberoam ipsec_route add host 192.168.1.5 tunnelname VPN_BO_2_HO
(As discussed in the earlier, the default behavior is to send the traffic over the Wan physical interface. However, in this case we want to send the CR initiated traffic being sent on VPN interface(logical interface).)
No comments:
Post a Comment