Routing public subnet over IPSec

I like some input on a setup I’m building.
The goal is to have remote clients (handheld PDAs) use a RUT router to access AWS via an HQ public IP behind a Barracuda Cloudgen firewall.

Setup:

  • a central Barracuda Cloudgen firewall with a fixed public IP.
  • a RUTC50 and a RUTX11 with IPSec configured toward this central Barracuda.

IPSec is route based, MTU 1386, IKEv2, Local firewall check ON, Remote firewall check ON, Passthrough interface: LAN, Passthrough subnet: the local LAN subnet

Then I have a static route configured with Interface the IPSec tunnel name, target 166.117.0.0, netmask 255.255.0.0, gateway the IPSec routed IP at Barracuda, metric 1, MTU 1386, route type: unicast

However I cannot get the RUT device to push the traffic towards any IP in the 166.117.0.0/16 subnet over the IPSec tunnel.

Any tips?
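As an added illustration (not part of the original post or of Teltonika/Barracuda software), the following models the two things the RUT must get right before a packet to 166.117.0.0/16 enters a route-based tunnel: the route lookup (longest prefix, then lowest metric) and the IPsec traffic selectors, which with a passthrough subnet still limit what the tunnel carries. The LAN subnet 192.168.1.0/24, the tunnel interface name `ipsec_hq` and the remote selector are assumptions.

```python
import ipaddress

# Routing table modelled on the post: the 166.117.0.0/16 static route with metric 1
# is from the post; the LAN and default routes are assumed values.
ROUTES = [
    {"dst": "192.168.1.0/24", "iface": "lan", "metric": 0},
    {"dst": "0.0.0.0/0", "iface": "wan", "metric": 10},
    {"dst": "166.117.0.0/16", "iface": "ipsec_hq", "metric": 1},
]

# Traffic selectors negotiated for the tunnel: local = passthrough subnet (LAN),
# remote = what the peer agreed to carry (assumed to be the AWS-side range).
SELECTORS = {"local": "192.168.1.0/24", "remote": "166.117.0.0/16"}

def lookup(dst: str):
    """Longest-prefix match with metric as tie-break; None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    candidates = [r for r in ROUTES if addr in ipaddress.ip_network(r["dst"])]
    if not candidates:
        return None
    return max(candidates,
               key=lambda r: (ipaddress.ip_network(r["dst"]).prefixlen, -r["metric"]))

def selectors_cover(src: str, dst: str) -> bool:
    """True if the src/dst pair falls inside the tunnel's local/remote selectors."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(SELECTORS["local"])
            and ipaddress.ip_address(dst) in ipaddress.ip_network(SELECTORS["remote"]))

def path_check(src: str, dst: str) -> str:
    """Report why a packet would or would not go through the tunnel."""
    route = lookup(dst)
    if route is None:
        return "no route"
    if route["iface"] != "ipsec_hq":
        return f"routed via {route['iface']}, not the tunnel"
    if not selectors_cover(src, dst):
        return "routed to tunnel but not matched by the IPsec traffic selectors"
    return "routed via tunnel and matched by selectors"

if __name__ == "__main__":
    for src, dst in [("192.168.1.20", "166.117.5.5"), ("192.168.1.20", "8.8.8.8"),
                     ("10.0.0.5", "166.117.5.5")]:
        print(src, "->", dst, ":", path_check(src, dst))
```

A source outside the passthrough subnet is the case to watch: the route points at the tunnel, yet the packet is not covered by the selectors, which is easy to miss when only the routing table is inspected.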

Turns out Barracuda and routed IPSec on 1 interface isn’t stable.
I had to create separate interfaces for each tunnel and use a different public IP as well.

It works now 🙂

Hello,

Glad to hear you’ve found a solution!

Please let me know if there’s anything else I can help you with regarding this topic.

Best regards,