This article will show you how to route traffic using a VPN tunnel, which is a popular scenario that is commonly used to work and communicate in a protected environment on the internet. Video streaming (IPTV) is another frequently used application. Furthermore, this article will show you how to configure the VPN tunnel using VTI interface and what policy route to create.

 

In some circumstances, users may want to forward their video stream from site to site through the VPN tunnel. IGMP over IPSec is required in this kind of application.

Users can follow this procedure to set up a VPN tunnel and IGMP proxy to fulfill a certain purpose.

 

Table of Content

1) Set Up IPSec VPN tunnel and VTI interface on both USGs

2) Set Up the IGMP proxy function on both of USG

3) Add policy route on both USG to allow IGMP traffic to the remote site

4) Verification

 

Scenario and Topology

The topology and the setup steps are shown below.

1. A public IP address on the USG

 

1) Set Up IPSec VPN tunnel and VTI interface

On USG#1 go to

Configuration > VPN > IPSec VPN > VPN Gateway

click add to create a VPN gateway rule.

 

Go to

Configuration > VPN > IPSec VPN > VPN Connection

click add to create a VPN connection rule.

 

Go to

Configuration > Network > Interface > VTI

then click the Add button to create a VTI interface.

 

On USG#2 go to

Configuration > VPN > IPSec VPN > VPN Gateway 

Click the Add Button to create a VPN gateway rule.

 

Go to

Configuration > VPN > IPSec VPN > VPN Connection

Click the Add Button to create a VPN connection rule.

 

Go to

Configuration > Network > Interface > VTI 

then click Add button to create a VTI interface.

 

 

2) Set Up the IGMP proxy function

On USG#1, go to Configuration > Network > Interface

• Edit WAN1 interface: Enable IGMP Support function and set it as Downstream
• Edit LAN1 interface: Enable IGMP Support function and set it as Upstream
• Edit vti0 interface: Enable IGMP Support function and set it as Downstream

 

On USG#2, go to

 Configuration > Network > Interface

• Edit WAN1 interface: Enable IGMP Support function and set it as Upstream
• Edit LAN1 interface: Enable IGMP Support function and set it as Downstream
• Edit vti0 interface: Enable IGMP Support function and set it as Upstream

 

3) Add policy route to allow IGMP traffic to the remote site

On both USGs, create an IP range object for IGMP.

Go to

Configuration > Object > Address/GeoIP

Click the Add button.

 

 

On both USG, create a policy route to route IGMP traffic to the remote VPN tunnel.

Go to

Configuration > Network > Routing > Policy Route

Click the Add button.

 

4) Verification

After setting up the configuration, you can go to Monitor > IGMP Statistics to check, if any IGMP is working on the table.

 

Note

The IGMP proxy function can route IGMP traffic into a VPN tunnel.

You must select the correct IGMP direction when setting up the IGMP proxy.