Routing advice
-
I am trying to set up a network as such:
PFSENSE 1 (LAN port 192.168.1.0/24) -----VPN----- PFsense 2 (VLAN 10 10.0.1.2/24)
LAN VLANID 10
Cisco Box 1 (10.0.1.1)
|
|
GRE
|
Cisco box 2
10.0.2.0/24
I need PFsense 1 to be able to talk to the network on Cisco box 2. I have thought of putting in a VPN on Pfsense 1 to network 10.0.1.0/24, then a static route of 10.0.2.0/24 via gateway 10.0.1.1, but this seemed to fail.
Then I tried to set up a VPN route in PFsense 1 with network subnet 10.0.2.0/24 (Cisco box 2 range), then on the PFsense box 2 I put a static route of 10.0.2.0/24 via 10.0.1.1.
What would be the best way to do this?
-
You need to set up a second, parallel tunnel between the pfSense boxes to handle the connection from pfSense1's subnet to the Cisco's subnet, and vice versa.
In 2.0 you could just add a second phase 2 subnet entry on each side to cover it.
Alternately, use OpenVPN between pfSense 1 and 2 and you can route however you like very easily, without dealing with IPsec's lack of routing capability :)
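
Added example, not part of the original reply: a simplified model of policy-based IPsec showing why a static route alone does not carry 192.168.1.0/24 to 10.0.2.0/24 traffic, and why the second phase 2 entry on each side does. The host addresses 192.168.1.50 and 10.0.2.20 and all function names are constructed for illustration; forwarding beyond the tunnel endpoints is not modelled.

```python
import ipaddress as ip

# Constructed model: each phase 2 entry is a (local subnet, remote subnet)
# selector pair as configured on that side. Subnets are from the thread.
PFSENSE1_ORIGINAL = [("192.168.1.0/24", "10.0.1.0/24")]
PFSENSE2_ORIGINAL = [("10.0.1.0/24", "192.168.1.0/24")]

# The second phase 2 entry suggested in the reply, added on each side.
PFSENSE1_FIXED = PFSENSE1_ORIGINAL + [("192.168.1.0/24", "10.0.2.0/24")]
PFSENSE2_FIXED = PFSENSE2_ORIGINAL + [("10.0.2.0/24", "192.168.1.0/24")]


def matches(selectors, src, dst):
    """True if a packet src -> dst falls inside any (local, remote) selector."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    return any(s in ip.ip_network(loc) and d in ip.ip_network(rem)
               for loc, rem in selectors)


def tunnel_carries(side_a, side_b, src, dst):
    """Side A must select src -> dst and side B must select the reply.
    Traffic is chosen by these selectors, not by the routing table, so a
    static route cannot place an unmatched packet into the tunnel."""
    return matches(side_a, src, dst) and matches(side_b, dst, src)


def mirrored(side_a, side_b):
    """Each selector on one side needs its exact mirror on the other side."""
    def norm(sel):
        return {(ip.ip_network(loc), ip.ip_network(rem)) for loc, rem in sel}
    return norm(side_a) == {(rem, loc) for loc, rem in norm(side_b)}


if __name__ == "__main__":
    lan_host, cisco1, cisco2_host = "192.168.1.50", "10.0.1.1", "10.0.2.20"
    cases = [
        ("original, LAN -> Cisco box 1", PFSENSE1_ORIGINAL, PFSENSE2_ORIGINAL, cisco1),
        ("original, LAN -> Cisco box 2 net", PFSENSE1_ORIGINAL, PFSENSE2_ORIGINAL, cisco2_host),
        ("second phase 2, LAN -> Cisco box 2 net", PFSENSE1_FIXED, PFSENSE2_FIXED, cisco2_host),
    ]
    for label, a, b, dst in cases:
        print(f"{label}: carried={tunnel_carries(a, b, lan_host, dst)}")
    print("fixed selectors mirrored:", mirrored(PFSENSE1_FIXED, PFSENSE2_FIXED))
```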
-
Cool, thanks, I will have a look at it. I presume I will need to add a static route on pfsense 2 to route to the subnet on cisco 2.
-
Cool, thanks, got it all working.