DrayTek UK Users' Community Forum

Help, Advice and Solutions from DrayTek Users

Leaking IP addresses when IPSec S-S Tunnel down (2920)

19 Aug 2011 16:02 #1 by jghaines
I have 3 sites (UK, USA, Australia say). I have site-to-site IPSec VPNs between all sites (2 from each site).

If a tunnel goes down, traffic for the destination subnet leaks onto the WAN :x

I have configured the firewall to block all (strict) => no ESP traffic between sites. When a tunnel is down, no traffic flows.
If I then open up traffic from the local LAN to the remote subnet (using a LAN-LAN rule), I can pass traffic, but traffic then leaks onto the WAN if the tunnel is down.

Am I missing a trick on firewall rules or some other configuration? I'm about to scrap the Drayteks for something else... nothing seems to work!

TIA

John
