IPsec multiple subnet problem between pfSense and Vigor
-
Hello,
I have two sites and I am trying to connect them.
Site A (main) has two subnets and pfSense (2.0-RELEASE (i386) built on Tue Sep 13 17:28:43 EDT 2011).
Site B has one subnet with a Vigor 2910 and needs access to all site A subnets.

    site A             site B
    192.168.48.0/24    10.100.100.0/24
    192.168.47.0/24

I configured the IPsec tunnel with one phase 1 and two phase 2:
Ph 2-a -> local subnet 192.168.48.0/24, remote subnet 10.100.100.8
Ph 2-b -> local subnet 192.168.47.0/24, remote subnet 10.100.100.8
I have access between 10.100.100.0/24 and 192.168.48.0/24 but don't have access between 10.100.100.0/24 and 192.168.47.0/24.
When I check the IPsec status I see that pfSense thinks all tunnels are up. I have a few more IPsec tunnels on this machine (single subnet) that work fine.
I need help.
racoon.conf:
$ cat /var/etc/racoon.conf
# This file is automatically generated. Do not edit
path pre_shared_key "/var/etc/psk.txt";
path certificate "/var/etc";

listen
{
    adminsock "/var/db/racoon/racoon.sock" "root" "wheel" 0660;
    isakmp x.x.x.x [500];
    isakmp_natt x.x.x.x [4500];
}

remote y.y.y.y
{
    ph1id 1;
    exchange_mode main;
    my_identifier address x.x.x.x;
    peers_identifier address y.y.y.y;
    ike_frag on;
    generate_policy = off;
    initial_contact = on;
    nat_traversal = on;
    dpd_delay = 10;
    dpd_maxfail = 5;
    support_proxy on;
    proposal_check claim;

    proposal
    {
        authentication_method pre_shared_key;
        encryption_algorithm 3des;
        hash_algorithm sha1;
        dh_group 2;
        lifetime time 28800 secs;
    }
}

sainfo subnet 192.168.47.0/24 any subnet 10.100.100.0/24 any
{
    remoteid 1;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1,hmac_md5;
    lifetime time 3600 secs;
    compression_algorithm deflate;
}

sainfo subnet 192.168.48.0/24 any subnet 10.100.100.0/24 any
{
    remoteid 1;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1,hmac_md5;
    lifetime time 3600 secs;
    compression_algorithm deflate;
}
-
I think it's related to the remoteid, which is the same for both.
Thank you all.
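Added worked example (not part of the original post, nor pfSense or racoon code): a small checker that parses the `sainfo` blocks of a racoon.conf, tells you which phase 2 selector, if any, covers a given src/dst flow, and groups the selectors by `remoteid`. Running it against the posted configuration shows that pfSense does have a selector for 10.100.100.0/24 <-> 192.168.47.0/24 and that both phase 2 entries hang off the same phase 1 peer, which is the first thing to confirm before looking at the Vigor side. The embedded config is a constructed copy of the two `sainfo` blocks from the post; the parser assumes `subnet` selectors only (racoon also accepts `address` and `anonymous`, which it does not handle).

```python
import ipaddress
import re

# Constructed sample: the two sainfo blocks from the post above, reduced
# to what the matcher needs (the real file also has listen/remote blocks).
SAMPLE_RACOON_CONF = """
sainfo subnet 192.168.47.0/24 any subnet 10.100.100.0/24 any
{
    remoteid 1;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1,hmac_md5;
    lifetime time 3600 secs;
    compression_algorithm deflate;
}
sainfo subnet 192.168.48.0/24 any subnet 10.100.100.0/24 any
{
    remoteid 1;
    encryption_algorithm 3des;
    authentication_algorithm hmac_sha1,hmac_md5;
    lifetime time 3600 secs;
    compression_algorithm deflate;
}
"""

# Only the "sainfo subnet L proto subnet R proto { ... }" form is handled.
SAINFO_RE = re.compile(
    r"sainfo\s+subnet\s+(\S+)\s+(\S+)\s+subnet\s+(\S+)\s+(\S+)\s*\{(.*?)\}",
    re.S,
)


def parse_sainfo(text):
    """Return one dict per sainfo block: local/remote networks and remoteid."""
    entries = []
    for m in SAINFO_RE.finditer(text):
        local, _lproto, remote, _rproto, body = m.groups()
        rid = re.search(r"remoteid\s+(\d+)\s*;", body)
        entries.append({
            "local": ipaddress.ip_network(local, strict=False),
            "remote": ipaddress.ip_network(remote, strict=False),
            "remoteid": int(rid.group(1)) if rid else None,
        })
    return entries


def match_flow(entries, src, dst):
    """Indexes of the sainfo entries whose selectors cover src -> dst.
    Checked in both directions, since the tunnel carries replies too."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = []
    for i, e in enumerate(entries):
        outbound = s in e["local"] and d in e["remote"]
        inbound = s in e["remote"] and d in e["local"]
        if outbound or inbound:
            hits.append(i)
    return hits


def shared_remoteid(entries):
    """Map remoteid -> list of sainfo indexes using it. More than one index
    per id means several phase 2 selectors share one phase 1 peer."""
    groups = {}
    for i, e in enumerate(entries):
        groups.setdefault(e["remoteid"], []).append(i)
    return groups


if __name__ == "__main__":
    sa = parse_sainfo(SAMPLE_RACOON_CONF)
    for i, e in enumerate(sa):
        print(f"sainfo[{i}] {e['local']} <-> {e['remote']} remoteid={e['remoteid']}")
    for src, dst in [("10.100.100.20", "192.168.47.5"),
                     ("10.100.100.20", "192.168.48.5"),
                     ("192.168.47.5", "192.168.48.5")]:
        print(f"{src} -> {dst}: sainfo {match_flow(sa, src, dst) or 'none'}")
    print("by remoteid:", shared_remoteid(sa))
```

If a flow you expect to work returns no selector, the gap is in this racoon.conf; if it returns one (as the 10.100.100.0/24 -> 192.168.47.0/24 flow does here), this side has a policy for it and the missing half is the peer's matching policy or the traffic that is supposed to trigger it.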