Netgate Discussion Forum

    IPSec tunnel questions

      freddy550

      Can I host a firewall in my VMware and in this have multiple firewalls to different customers?
      And send each firewall to a different vApp / server on my side?

      Customer 1 -> Tunnel 1 -> My Server 1
      Customer 2 -> Tunnel 2 -> My Server 2

      What happens if two customers have the same network in their side?
      Also, if one new customer happens to have the same IP span as me, can I then add a new one as endpoint on my side and not mess up the other tunnels?

      Lots of questions ;-)

        viragomann @freddy550

        @freddy550 said in IPSec tunnel questions:

        Can I host a firewall in my VMware and in this have multiple firewalls to different customers?

        Multiple firewalls in a firewall? Or do you mean, multiple IPSec tunnels?
        If the latter then yes.

        What happens if two customers have the same network in their side?

        One would have to NAT his network.

        Also, if one new customer happens to have the same IP span as me, can I then add a new one as endpoint on my side and not mess up the other tunnels?

        Either you or the remote needs to NAT his subnet.

          freddy550 @viragomann

          @viragomann If the network is NATed then I will lose the ability to log who the traffic is coming from in the destination server, right?

            viragomann @freddy550

            @freddy550
            No. Your IPSec configuration has to be aware of the NAT, otherwise it will not connect.

            Imagine the remote site is 192.168.20.0/24 and it is NATed to 10.227.56.0/24. So your phase 2 has to use 10.227.56.0/24 as the remote network to connect to.

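An added example, not part of either poster's replies: it flags customer networks that overlap across tunnels and, for the 192.168.20.0/24 to 10.227.56.0/24 case from the thread, maps a translated address seen in a destination-server log back to the customer host. It assumes the NAT is a 1:1 network mapping that keeps the host part (the thread only names the two networks); the tunnel names and the third network are constructed.

```python
import ipaddress

# Constructed sample data: tunnel name -> LAN as configured on the customer side.
# 192.168.20.0/24 is the remote network from the thread; the rest is made up.
CUSTOMER_LANS = {
    "customer1": "192.168.20.0/24",
    "customer2": "192.168.20.0/24",
    "customer3": "172.16.5.0/24",
}


def find_overlaps(lans):
    """Return sorted pairs of tunnel names whose networks overlap."""
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in lans.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def translate(addr, real_net, nat_net):
    """Map addr from real_net into nat_net, keeping the host part.

    Assumption: 1:1 network NAT, so both networks must be the same size.
    """
    real = ipaddress.ip_network(real_net)
    nat = ipaddress.ip_network(nat_net)
    ip = ipaddress.ip_address(addr)
    if real.prefixlen != nat.prefixlen:
        raise ValueError("1:1 NAT needs equally sized networks")
    if ip not in real:
        raise ValueError(f"{ip} is not in {real}")
    offset = int(ip) - int(real.network_address)
    return str(nat.network_address + offset)


def original_source(logged_addr, real_net, nat_net):
    """Reverse lookup for a log entry: translated address -> real host."""
    return translate(logged_addr, nat_net, real_net)


if __name__ == "__main__":
    print("overlapping tunnels:", find_overlaps(CUSTOMER_LANS))
    seen = translate("192.168.20.37", "192.168.20.0/24", "10.227.56.0/24")
    print("server log shows:", seen)
    print("real host:", original_source(seen, "192.168.20.0/24", "10.227.56.0/24"))
```

Under that assumption each customer host keeps a distinct translated address, so a per-tunnel table of real and translated networks is enough to attribute log entries.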
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.