Netgate Discussion Forum
    Force IPSEC next hop

    Routing and Multi WAN
    2 Posts 1 Posters 820 Views

    jgraham5481

      So I have a unique setup. I prefer pfSense, but we're mostly a Cisco shop; however, both systems exist together peacefully. Most things are on the Cisco; as we grow, more things route through pfSense. What I want to do is set up IPsec to a few remote sites on the pfSense side, force all traffic over IPsec from remote to pfSense, then route it through the Cisco side. Currently routing statements exist, so almost anything on either side, pfSense or Cisco, can get to the other side and vice versa.

      pfSense side:
      IPsec 192.168.74.0/24
      LAN 10.69.0.1

      Cisco side:
      One of many LANs 10.69.0.254

      If in my IPsec config, for the phase two entry, I allowed 0.0.0.0/0 to 192.168.74.0/24 and vice versa, then set outbound NAT with the source of 192.168.74.0/24 out 10.69.0.254, would this then force all IPsec traffic to the Cisco? Yes, I understand this is a 70,000 ft view; there are rules and ACLs. I just wanted to make sure I was on the right track.

      jgraham5481

        Maybe a rule on the IPsec interface that says source (remote IP) allow to destination (any) via the Cisco as its gateway?

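The rule proposed in the two posts above (a pass rule on the IPsec interface with the Cisco set as gateway) can be checked with a small model of how pfSense policy routing interacts with the routing table. This is an added example, not code from the thread or from pfSense; the addresses come from the posts, while the WAN gateway 203.0.113.1 and the routing table are constructed placeholders.

```python
"""Simplified model of pfSense rule evaluation: rules are matched first-match
per inbound interface, and a rule that carries a gateway policy-routes the
packet to that gateway instead of consulting the routing table."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

@dataclass
class Rule:
    iface: str                      # interface the packet arrives on
    src: str                        # source network, "any" matches everything
    dst: str                        # destination network or "any"
    gateway: Optional[str] = None   # policy-routing gateway; None = routing table

# Constructed routing table (prefix -> next hop); WAN gateway is a placeholder.
ROUTES = {
    "0.0.0.0/0": "203.0.113.1",          # default route via WAN (placeholder)
    "10.69.0.0/24": "connected:LAN",     # pfSense LAN, 10.69.0.1/24
    "192.168.74.0/24": "ipsec",          # remote site behind the tunnel
}

def _match(net: str, addr: str) -> bool:
    return net == "any" or ip_address(addr) in ip_network(net)

def route_lookup(dst: str) -> str:
    """Longest-prefix match over ROUTES (plain system routing)."""
    best = max((n for n in ROUTES if _match(n, dst)),
               key=lambda n: ip_network(n).prefixlen)
    return ROUTES[best]

def next_hop(iface: str, src: str, dst: str, rules: List[Rule]) -> Optional[str]:
    """Return the next hop for a packet, or None if no rule passes it
    (pfSense drops traffic that matches no pass rule)."""
    for r in rules:
        if r.iface == iface and _match(r.src, src) and _match(r.dst, dst):
            return r.gateway or route_lookup(dst)
    return None

# Plain pass rule: remote traffic follows the routing table (default via WAN).
PLAIN = [Rule("ipsec", "192.168.74.0/24", "any")]
# Rule from the second post: same match, but the Cisco is set as gateway.
POLICY = [Rule("ipsec", "192.168.74.0/24", "any", gateway="10.69.0.254")]
```

Run `next_hop("ipsec", "192.168.74.10", "8.8.8.8", POLICY)` to see that the policy rule sends remote traffic to 10.69.0.254, whereas PLAIN sends it out the default gateway.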
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.