This article is an application of Route Policy. Suppose the Vigor Router is used for LAN-to-LAN VPN connections, and another firewall router on the LAN acts as the Internet gateway. We want all traffic, especially traffic from the remote network, to be sent to the firewall router first. This article shows how to use Route Policy to forward the VPN traffic to another device on the LAN.
Go to Routing > Load-Balance/Route Policy and click an index number to create a new policy. Configure the policy as follows:
Enable this policy.
Enter the IP address of the branch office as the Source IP. Alternatively, leave the Source IP as Any so that this Route Policy applies to all LAN clients, including the local ones.
Leave Destination IP and Destination Port as Any.
For Interface, select the LAN that the firewall router is on.
Select Specific Gateway and enter the local IP address of the firewall router.
Set Priority to a number smaller than 150 to give this policy a higher priority than the Routing Table.
Click OK to save the configuration.
After the configuration, you may use the "tracert" command to check whether the traffic passes through the firewall router before it goes to the Internet.
To add a route policy that changes the gateway, go to Routing >> Route Policy, click Add, and configure the rule as follows:
Input Profile Name
Select ALL for Protocol
Select ANY for Source Type
Select ANY for Destination Type
Select User Defined for Out-going Rule
Select lan1 for Out-going Interface
Input the LAN Gateway's IP address for Out-going (Gateway)
Select NAT for Mode
Check Disable for Failover to Next Rule.
After that, use the command tracert -d 18.104.22.168 to check whether traffic to the Internet is going through the specified LAN Gateway.
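The tracert checks in both procedures above can be automated. The following Python is an added example, not DrayTek code: it parses tracert -d output and reports whether the firewall router appears before the first external hop. The sample output and the addresses 192.168.1.1, 192.168.1.254 and 203.0.113.9 are constructed assumptions, and parse_hops and check_path are hypothetical names.

```python
import ipaddress
import re

# Constructed `tracert -d` output, not captured from a real network.
# Assumed addresses: 192.168.1.1 = Vigor Router, 192.168.1.254 = firewall router.
HEADER = "Tracing route to 18.104.22.168 over a maximum of 30 hops\n\n"
VIA_FIREWALL = HEADER + """\
  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     1 ms     1 ms     1 ms  192.168.1.254
  3    12 ms    11 ms    12 ms  203.0.113.9
"""
BYPASS = HEADER + """\
  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2    12 ms    11 ms    12 ms  203.0.113.9
"""
SILENT_HOP = HEADER + """\
  1    <1 ms    <1 ms    <1 ms  192.168.1.1
  2     *        *        *     Request timed out.
  3    12 ms    11 ms    12 ms  203.0.113.9
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")          # hop number, then the rest
IP_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})\s*$")  # trailing IPv4 address

def parse_hops(text):
    """Return [(hop_number, ip or None)]; a timed-out hop yields None."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            ip = IP_RE.search(m.group(2))
            hops.append((int(m.group(1)), ip.group(1) if ip else None))
    return hops

def check_path(text, firewall_ip, internal_nets):
    """Classify a trace as 'via_firewall', 'bypass' or 'inconclusive'."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    silent_seen = False
    for _, ip in parse_hops(text):
        if ip is None:
            silent_seen = True  # this hop may be the firewall not answering
        elif ip == firewall_ip:
            return "via_firewall"
        elif not any(ipaddress.ip_address(ip) in n for n in nets):
            # First external hop reached without seeing the firewall.
            return "inconclusive" if silent_seen else "bypass"
    return "inconclusive"

if __name__ == "__main__":
    for name, out in [("via", VIA_FIREWALL), ("bypass", BYPASS), ("silent", SILENT_HOP)]:
        print(name, check_path(out, "192.168.1.254", ["192.168.1.0/24"]))
```

When tracing from the branch office, add the branch subnet to internal_nets so that hops on the remote LAN are not mistaken for external ones.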
Published On: May 12, 2016