OK…
Here it is:
Background:
Topology:
Two Router systems with an IPSec tunnel between them.
Both Routers are attached to separate ISPs.
Both Routers have their own gateways.
Workstations can see both “private” networks. IE 10.0.0 can ping 10.4.0.0 and the reverse is true.
Situation:
One of the ISPs was being blocked by an application provider (the network that all the users connect to of course).
The other site could get to the “ASP” just fine.
Patch:
Place a proxy on the “working” router and point users to that proxy.
Worked ok but slammed the pipe and the “working” router as ALL web traffic had to be encrypted and sent thru the tunnel.
Desired solution:
Create a policy based route rule to the affected ASP, and enable as needed.
IE: All traffic from a “NATed” network IE 10.0.0.0/16 to the ASP's IP address / range use a different route to the ASP's IP address / range.
IE: Standard default gateway = 10.0.0.1
Alternate gateway = 10.4.0.1 (on tunnel connected network)
This should be able to be done via Routing / rules or Mangle / routing, but I have set up a test router and it is not following the alternate route.
Any Ideas??
Craig