We are currently trying to build a solution where we use hotspot profiles to route traffic based on simple conditions.
One profile gets routed without any further handling; the other should be forwarded to an appliance which processes and filters the data.
The question is how one would implement such a system.
Right now we have the following:
The client connects via SSTP to SSTP server one and server two; the profile decides whether the traffic should be filtered or not. If the traffic should be filtered, all data gets forwarded to server two, and from server two a route forwards the traffic to our appliance. The problem is that as soon as we forward the traffic from server two to the appliance, the SSTP connection gets terminated. In order to prevent termination we have to set a static route that points to the client, which is not ideal for huge rollouts because setting up static routes for hundreds of clients manually is tedious and time-consuming.
The client's routes look as follows:

    Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
     #      DST-ADDRESS        PREF-SRC         GATEWAY            DISTANCE
     0 A S  0.0.0.0/0                           sstp-out1                 1
     1 A S  0.0.0.0/0                           192.168.200.254           1
     2 ADC  10.10.11.1/32      10.1.16.5        sstp-out1                 0
     3 ADC  172.16.0.0/22      172.16.0.1       bridge-local              0
     4 ADC  192.168.200.0/24   192.168.200.10   ether1-gateway            0

Server two's routes look like this:

    Flags: X - disabled, A - active, D - dynamic, C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, B - blackhole, U - unreachable, P - prohibit
     #      DST-ADDRESS        PREF-SRC         GATEWAY                DISTANCE
     0 A S  0.0.0.0/0                           10.10.0.1                     1
     1 X S  0.0.0.0/0                           184.108.40.206                2
     3 ADC  10.1.16.0/24       10.1.16.1        local-bridge                  0
     4 ADC  10.1.16.5/32       10.10.11.1       <sstp-45AA025AA...            0
     5 ADC  10.10.0.0/24       10.10.0.2        ether1                        0
     6 A S  220.127.116.11/32                   18.104.22.168                 1
    11 ADC  212.xxx.xxx.0/26   212.xxx.xxx.50   local-bridge                  0
Has anyone any idea as to how one would implement this solution without the need for static routes that point back at the client?
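One way to steer only the tunnel traffic of a given profile through the appliance on server two, as an added example that is not part of the original post and not the poster's configuration. It uses RouterOS v6 policy routing (routing marks) instead of per-client static routes. Assumptions: 10.10.0.1 (server two's current default gateway) is the filtering appliance; 203.0.113.1 is a hypothetical regular uplink gateway; "filtered" is the hypothetical name of the PPP profile whose sessions must be inspected. The post itself does not state why the session terminates; the example presumes the server's own SSTP replies to the client were being sent toward the appliance.

```routeros
# Added example (not from the original post). RouterOS v6 syntax is assumed.
# Assumptions: 10.10.0.1 (server two's current default gateway) is the
# filtering appliance; 203.0.113.1 is a hypothetical regular uplink gateway;
# "filtered" is the hypothetical name of the PPP profile whose traffic must
# be inspected.

# 1. Interface list that collects every tunnel brought up with the filtered
#    profile. RouterOS adds each dynamic <sstp-...> interface to it on connect.
/interface list
add name=filtered-tunnels comment="SSTP sessions routed via the appliance"
/ppp profile
set [find name=filtered] interface-list=filtered-tunnels

# 2. Main table: default route on the regular uplink, so the SSTP server's
#    own TCP replies to clients never traverse the appliance.
/ip route
add dst-address=0.0.0.0/0 gateway=203.0.113.1 distance=1 comment="regular uplink"
# 3. Separate routing table whose default route points at the appliance.
add dst-address=0.0.0.0/0 gateway=10.10.0.1 routing-mark=to-appliance comment="filtered path"

# 4. Policy routing: only packets entering from a filtered tunnel use the
#    appliance table. Locally generated SSTP control traffic passes through the
#    output chain, not prerouting, so it keeps using the main table.
/ip firewall mangle
add chain=prerouting in-interface-list=filtered-tunnels action=mark-routing new-routing-mark=to-appliance passthrough=no comment="tunnel ingress -> appliance"

# 5. Return traffic from the appliance to a tunnel client is matched by the
#    dynamic /32 route RouterOS installs per session (e.g. 10.1.16.5/32 in the
#    table above), so no per-client static route is required.
```

After a client of the filtered profile connects, `/interface list member print` should show its dynamic `<sstp-...>` interface under `filtered-tunnels`, and `/ip route print where routing-mark=to-appliance` should show only the appliance default route. Sessions of the unfiltered profile are not in the list, so their packets fall through to the main table unchanged.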