Netgate Discussion Forum

    Multiple lan routing with router between firewall and internet

      harqobispal

      Hi all,

      I have been messing with this for days. Here is what I have.

      124.0 lan
      120.0 lan >>>>>>>>>>>>>>>cisco 3550 with routing enabled>>>>>>>>>>>>100.0 lan>>>>>>>>>>>>>>>PFsense firewall with tunnel>>>>>>>>static external ip tunnel to other pfsense>>>>>>>>>>55.0 on other pfsense

      I can ping and tracert to both ends of the tunnel from anything on the LAN interfaces on both sides. However, from the 124.0 and 120.0 subnets behind the Cisco 3550 nothing will ping or tracert. It actually seems to be going out to the internet. I feel that there is something simple I am not doing. I have added static routes and such but it still does not work. Does anyone have any ideas? I have done multiple searches on the forum. The only thing I found said to search the forum, as this has been covered before. I cannot find where this has been covered before. It seems to me I am missing a static route or NAT adjustment somewhere. I guess the basic question is how do I route multiple internal LAN networks through 1 tunnel while they also go to the internet (split tunnel). Can anyone help?

        psylo

        Hi.

        You have to create a phase for each network you want to give access to the tunnel. For example, I have to create a tunnel between these 2 offices:

        • Main office:
          DATA VLAN: 192.168.1.0/24
          VOICE VLAN: 192.168.2.0/24
          LAB VLAN: 192.168.3.0/24

        • Remote Office:
          REMOTE LAN: 192.168.100.0/24

        I want to give access to the DATA VLAN & VOICE VLAN only. So I have to create a tunnel (on both pfSense) for this traffic:

        • DATA VLAN & REMOTE LAN (192.168.1.0 & 192.168.100.0)

        • VOICE VLAN & REMOTE LAN (192.168.2.0 & 192.168.100.0)

        With pfSense v1.3, you can do this by adding several phase 2 entries for the same phase 1. I don't know how you can do this with an older version.

        Hope this helps.

        [EDIT] I've added a screenshot of my configuration.

        capture1.png
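
An added example, not part of psylo's post and not pfSense code: a simplified Python model of how policy-based IPsec matches packets against phase 2 entries, using the subnets from the reply above. The function names and the "default route" label are assumptions made for illustration; it also checks that each entry has a mirrored twin on the other pfSense.

```python
from ipaddress import ip_address, ip_network

# Phase 2 entries as (local subnet, remote subnet), taken from psylo's example.
# LAB VLAN (192.168.3.0/24) deliberately has no entry.
MAIN_OFFICE = [("192.168.1.0/24", "192.168.100.0/24"),
               ("192.168.2.0/24", "192.168.100.0/24")]
# The remote pfSense needs the same pairs with local and remote swapped.
REMOTE_OFFICE = [("192.168.100.0/24", "192.168.1.0/24"),
                 ("192.168.100.0/24", "192.168.2.0/24")]


def parse(entries):
    """Convert (local, remote) strings into ip_network pairs."""
    return [(ip_network(l), ip_network(r)) for l, r in entries]


def matching_entry(entries, src, dst):
    """Return the first phase 2 entry covering src -> dst, or None."""
    s, d = ip_address(src), ip_address(dst)
    for local, remote in parse(entries):
        if s in local and d in remote:
            return (str(local), str(remote))
    return None


def path_for(entries, src, dst):
    """'tunnel' if a phase 2 entry covers the packet, else 'default route'.

    Simplified model (assumption): traffic that matches no entry is not
    encrypted and simply follows the firewall's normal routing table.
    """
    return "tunnel" if matching_entry(entries, src, dst) else "default route"


def unmirrored(side_a, side_b):
    """Entries on side_a that have no swapped (remote, local) twin on side_b."""
    twins = {(r, l) for l, r in parse(side_b)}
    return [(str(l), str(r)) for l, r in parse(side_a) if (l, r) not in twins]


if __name__ == "__main__":
    # Constructed sample hosts, one per VLAN in the main office.
    for src in ("192.168.1.10", "192.168.2.10", "192.168.3.10"):
        print(src, "-> 192.168.100.5:", path_for(MAIN_OFFICE, src, "192.168.100.5"))
    print("entries missing on remote side:", unmirrored(MAIN_OFFICE, REMOTE_OFFICE))
```
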