DrayTek UK Users' Community Forum
Help, Advice and Solutions from DrayTek Users
Conditional VPN via Route Policy - Anybody done this?
03 Feb 2025 16:48 #104532
by DaveB
Conditional VPN via Route Policy - Anybody done this? was created by DaveB
I'm trying to configure my 2927 so that some IPs go out via the VPN and others don't.
I have 2 routes set up:
Route 1 is directed at the VPN (NordVPN OpenVPN) and has conditional IPs added.
Route 2 is non-VPN (but going through the same WAN).
I've gone through the diagnostic checks with various IPs, and it seems to do what I want (i.e. it selects the correct route), except that Route 2 still uses the VPN. Even if I completely remove Route 1, it still uses the VPN. I have to disable the VPN to stop it.
So I'm thinking I'm missing a setting somewhere... but I can't find it. Should the Route be able to determine using or not using the VPN without disabling the VPN?
05 Feb 2025 13:01 #104540
by HodgesanDY
Replied by HodgesanDY on topic Conditional VPN via Route Policy - Anybody done this?
Hi DaveB,
You shouldn't need two route policies, only the one that diverts your pre-defined IPs (or range(s)/subnet(s)) via the VPN tunnel profile.
Make sure the route policy 'Priority' value is set correctly, but also that the "Change default route to this VPN tunnel" setting in the 'Lan-2-Lan Profile' isn't enabled.
All of your normal traffic should flow via your main WAN(s) connection(s) unless otherwise valid to be routed via the VPN connection as stipulated in your route policy.
FYI, the diagnostics tools aren't 100% reliable, as I have seen them report conditions I know not to be true, and that I can clearly control the traffic of, even though the diagnostic tool reports otherwise, so I use them sparingly.
Yes, I have this set up in loads of locations, especially for devices like 'FireSticks' that need to be routed via a particular public IP (at a remote site) for their Netflix subscriptions to work.
07 Feb 2025 16:14 #104567
by DaveB
Replied by DaveB on topic Conditional VPN via Route Policy - Anybody done this?
Thank you. The priorities were my main issue. Now working fine.
The following user(s) said Thank You: HodgesanDY
Moderators: Chris
Copyright © 2025 DrayTek