Routing help needed
-
Hello to all.
I'm trying to set up routing from one LAN to a third through the second, but have difficulties.
Tried to search posts - nothing similar found.
Network is:
(10.11.1.1) | pfsense B | <--- IPsec ---> | pfsense A | (10.11.0.21) --- (10.11.0.3)| cisco | 10.0.0.0/8
10.11.1.0/24 10.11.0.0/24
I need to access 10.0.0.0/8 from pfsenseB network through pfsenseA network (route traffic to cisco device)
I made ipsec connection between both pfsense boxes (local to remote subnets):
on B: LAN <-> 10.11.0.0/24
on A: LAN <-> 10.11.1.0/24
added routes:
on A: 10.0.0.0/8 10.11.0.3
from A network I can access VPN network 10.0.0.0/8 through cisco
from B network I can't access
tried to add routes
10.0.0.0/8 10.11.0.21
10.0.0.0/8 10.11.0.3
didn't help.
Maybe you know some tricks?
-
your network mask on your routes is too big
10.0.0.0/8 is 10.0.0.1 till 10.254.254.254
so pfsense server 1 and 2 are also caught in the route to 10.0.0.0/8
the cisco network is thus including the a and b networks
change a and b network to get them out of the cisco network range
a 192.168.1.0/24 192.168.1.1
b 192.168.2.0/24 192.168.2.1
route on a:
10.0.0.0/8 10.11.0.3
192.168.2.0/24 192.168.2.1
on b:
192.168.1.0/24 192.168.1.1
10.0.0.0/8 192.168.1.1
on cisco:
192.168.1.0/24 192.168.1.1
192.168.2.0/24 192.168.1.1
-
BTW,
route 10.0.0.0/8 is because network 10.x.x.x is on other side of cisco VPN
-
the problem with your setup is that for server a there is no route to server b, all 10.x.x.x traffic is sent to the cisco network
including that for server b
you can try this but not sure if it will work because of the double network (10.11.1.0/24 is on 10.0.0.0/8)
add on cisco
10.11.0.0/24 10.11.0.21
10.11.1.0/24 10.11.0.21
on a
10.11.1.0/24 10.11.1.1
10.0.0.0/8 10.11.0.3
on b
10.0.0.0/8 10.11.0.21
-
Did like you wrote,
ping from LAN A to 10.x network is ok
ping from LAN B to 10.x network: destination host unreachable.
I'll ask the cisco guy to check routes also
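
Added example, not part of the thread: a Python check of two things the posts above turn on, whether the LAN subnets sit inside 10.0.0.0/8 and whether each static route's gateway is on a directly connected subnet, followed by a longest-prefix lookup. It models only the routes and subnets named in the first post (no default route, no IPsec policy) and assumes a gateway must be on-link to be usable; the table layout and function names are made up for the example.

```python
import ipaddress as ip

# Addresses and prefixes come from the first post; everything else
# (dict layout, function names) is an assumption of this example.
CONNECTED = {
    "A": [ip.ip_network("10.11.0.0/24")],
    "B": [ip.ip_network("10.11.1.0/24")],
}
STATIC = {
    "A": [("10.0.0.0/8", "10.11.0.3")],
    "B": [("10.0.0.0/8", "10.11.0.21"), ("10.0.0.0/8", "10.11.0.3")],
}

def overlaps(big, small):
    """True when prefix `small` lies entirely inside prefix `big`."""
    return ip.ip_network(small).subnet_of(ip.ip_network(big))

def off_link_gateways(box):
    """Static routes whose gateway is not on any connected subnet of `box`."""
    return [(dst, gw) for dst, gw in STATIC[box]
            if not any(ip.ip_address(gw) in net for net in CONNECTED[box])]

def lookup(box, dst):
    """Longest-prefix match over connected routes and usable static routes.

    Returns "direct", a gateway address, or None when nothing matches.
    Routing table only: the IPsec tunnel policy is not modelled.
    """
    dst = ip.ip_address(dst)
    unusable = off_link_gateways(box)
    routes = [(net, "direct") for net in CONNECTED[box]]
    routes += [(ip.ip_network(d), gw) for d, gw in STATIC[box]
               if (d, gw) not in unusable]
    hits = [(net.prefixlen, hop) for net, hop in routes if dst in net]
    return max(hits)[1] if hits else None

if __name__ == "__main__":
    for lan in ("10.11.0.0/24", "10.11.1.0/24", "192.168.1.0/24"):
        print(lan, "inside 10.0.0.0/8:", overlaps("10.0.0.0/8", lan))
    for box in ("A", "B"):
        print(box, "off-link gateways:", off_link_gateways(box))
        # 10.20.30.40 is a constructed host somewhere behind the cisco
        print(box, "-> 10.20.30.40 via", lookup(box, "10.20.30.40"))
```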