Hi,
I am trying to configure an EdgeRouter Lite as a VPN router. I have the VPN connection working to a Cisco ASA, but I can't figure out how to configure the router to route all traffic through the VPN tunnel.
I can add a local prefix of 10.0.0.0/24 and a remote prefix of 10.10.0.0/24 and route from one network to the other through the VPN tunnel. But, I need to be able to route all traffic through the VPN tunnel.
If I configure the remote prefix to be either 10.0.0.0/8, or 0.0.0.0/0, it cuts off the local network access from 10.0.0.0/24. It's as though the directly connected interface networks are a lower priority than the remote VPN networks, meaning that all the traffic destined for 10.0.0.0/24 is routed through the VPN.
I have tried using multiple prefixes, but the config is either rejected or corrected to just one prefix. I have also tried negating the prefix in the form of !10.0.0.0/24, but this isn't accepted either.
The only way I can think to configure it to work is to use LOTS of tunnels - i.e. one for every network, other than 10.0.0.0/24, including all internet routed addresses.
But this makes me think that I must be missing something. With every other router I have used, I would just configure 0.0.0.0/0 for the VPN tunnel, and the router would be smart enough to know not to route its directly connected interfaces through the tunnel.
Any help would be appreciated.