The procedure to route specific traffic through a specific WAN interface

Zyxel_Charlie (Zyxel Employee)
edited August 2022 in Networking
SCENARIO DESCRIPTION:

On the USG, what is the procedure to configure WAN 1 for all traffic except VPN traffic, and WAN 2 for VPN traffic without failover? 


SETUP/STEP BY STEP PROCEDURE:

1. Create a VPN gateway and VPN connection based on WAN 2.

2. Ensure that both WAN 1 and WAN 2 are in the WAN trunk.

3. Add rule 1 and rule 2 in the policy route.

Rule 1 is used for routing VPN traffic. Next-Hop is the VPN Gateway.
Rule 2 is used for routing other traffic, except for the VPN traffic. 
When WAN is down, even if WAN 2 is in the trunk, only IPSec VPN traffic will pass through the trunk. Other traffic will not go through WAN 2 because of the policy route rule 2.


VERIFICATION:

 

The following is the ping result when WAN is disabled.

Ping to the IP address of the remote VPN subnet 10.90.88.132 is OK.

Ping to IP address 8.8.8.8 is NOT OK.
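
The two pings above can be scripted so the check is repeatable after every policy route change. This is an added example, not part of the original post or Zyxel tooling; it assumes a Linux host on the LAN behind the USG with iputils `ping`, and the function names and verdict labels are made up for illustration.

```shell
#!/bin/sh
# Added example: classifies the routing state seen from a LAN host
# while WAN is disabled. Addresses are the ones used in the post.
VPN_HOST="${VPN_HOST:-10.90.88.132}"   # host in the remote VPN subnet
INET_HOST="${INET_HOST:-8.8.8.8}"      # host reachable only via the internet

# probe HOST: succeeds if HOST answers at least one of three echo requests.
# Kept as a function so it can be replaced without touching the
# classification logic. -c and -W are the Linux iputils ping options.
probe() {
    ping -c 3 -W 2 "$1" >/dev/null 2>&1
}

# classify_routing: prints one verdict and returns a matching exit status.
#   ISOLATED (0) VPN host answers, internet host does not: the expected result
#   LEAK     (1) internet host answers: non-VPN traffic still has a path out
#   VPN_DOWN (2) VPN host does not answer: tunnel or rule 1 is not working
classify_routing() {
    vpn=down
    inet=down
    probe "$VPN_HOST" && vpn=up
    probe "$INET_HOST" && inet=up

    # A reachable internet host is reported first, because it means the
    # "no failover" requirement is not being met.
    if [ "$inet" = up ]; then
        echo "LEAK"
        return 1
    fi
    if [ "$vpn" = down ]; then
        echo "VPN_DOWN"
        return 2
    fi
    echo "ISOLATED"
    return 0
}
```

Source the file and call `classify_routing` while WAN is disabled; `ISOLATED` corresponds to the ping result shown above.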