Hi,

Mark Cooke wrote:
You are correct - you can get your firewall to redirect traffic to the VPN. That doubles the traffic to the inside of the firewall though. I.e., LAN -> FW -> VPN -> FW instead of LAN -> VPN -> FW.
Traffic doubling might not be a problem, and you may decide the extra traffic isn't a problem in your scenario and you'd rather have the simpler setup. (Especially as the LAN portion of your net is probably at least twice the speed of the link to your ISP. Don't know about the loading on your firewall though)
If you set up your firewall correctly, it will send an ICMP Redirect message to the peers that have the firewall set as their default gateway, whereafter the peers will send all following packets directly to the VPN GW without bothering the firewall, and therefore the net, any more as long as the connection exists (don't know if this may be different for UDP connections, though, as UDP is a connection-less protocol).

René
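The host-side handling of the ICMP Redirect mentioned in the message above, as an added example that is not part of the original thread: it parses a type 5 message and applies the RFC 1122 (section 3.2.2.2) acceptance checks, so a redirect is honoured only when it comes from the current first-hop gateway and names a new gateway on the local subnet. All addresses (firewall 192.168.1.1, VPN gateway 192.168.1.2, LAN 192.168.1.0/24) and the helper `build_sample` are constructed for illustration.

```python
import ipaddress
import struct

ICMP_REDIRECT = 5  # ICMP type 5; codes 0-3 are defined

def inet_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071) over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_redirect(icmp: bytes):
    """Return (new_gateway, original_destination) from an ICMP Redirect."""
    if len(icmp) < 8 + 20:  # ICMP header + embedded IPv4 header
        raise ValueError("truncated redirect")
    if icmp[0] != ICMP_REDIRECT or icmp[1] > 3:
        raise ValueError("not an ICMP redirect")
    if inet_checksum(icmp) != 0:  # a valid message sums to zero
        raise ValueError("bad checksum")
    new_gw = ipaddress.IPv4Address(icmp[4:8])
    orig_dst = ipaddress.IPv4Address(icmp[24:28])  # dst of embedded header
    return new_gw, orig_dst

def accept_redirect(sender, icmp, current_gw, local_net):
    """RFC 1122 checks: sender is our current gateway for the destination,
    and the advertised gateway is on the directly connected subnet."""
    new_gw, orig_dst = parse_redirect(icmp)
    ok = (ipaddress.IPv4Address(sender) == ipaddress.IPv4Address(current_gw)
          and new_gw in ipaddress.IPv4Network(local_net))
    return ok, str(new_gw), str(orig_dst)

def build_sample(new_gw, src, dst):
    """Constructed sample: redirect-for-host (code 1) quoting a UDP packet."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    body = ipaddress.IPv4Address(new_gw).packed + ip_hdr + b"\x00" * 8
    csum = inet_checksum(struct.pack("!BBH", ICMP_REDIRECT, 1, 0) + body)
    return struct.pack("!BBH", ICMP_REDIRECT, 1, csum) + body

if __name__ == "__main__":
    pkt = build_sample("192.168.1.2", "192.168.1.10", "10.8.0.5")
    print(accept_redirect("192.168.1.1", pkt, "192.168.1.1", "192.168.1.0/24"))
    print(accept_redirect("192.168.1.66", pkt, "192.168.1.1", "192.168.1.0/24"))
```

On Linux hosts, whether redirects are accepted at all is governed by the `net.ipv4.conf.*.accept_redirects` sysctls, so the behaviour described in the message depends on the peers' configuration.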