Netgate Discussion Forum

    VPN Site to site IPSEC

    Category: IPsec
    13 Posts, 3 Posters, 1.4k Views
    rayx

      And if I only have an IPsec connection between headquarters A and D,
      but from headquarters D I want to see headquarters B
      (all the other sites are configured and reachable over WiMAX),
      how do I pass the routing table?

      Network diagram attached.

      [attachment: Sin título.png]

      Derelict LAYER 8 Netgate

        @rayx:

        And if I only have an IPsec connection between headquarters A and D,
        but from headquarters D I want to see headquarters B
        (all the other sites are configured and reachable over WiMAX),
        how do I pass the routing table?

        You put the local and remote networks on that tunnel.

        On the tunnel between A and D you would make a P2 for D to B.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        rayx

          @Derelict:

          And if I only have an IPsec connection between headquarters A and D,
          but from headquarters D I want to see headquarters B
          (all the other sites are configured and reachable over WiMAX),
          how do I pass the routing table?

          You put the local and remote networks on that tunnel.

          On the tunnel between A and D you would make a P2 for D to B.

          I do not understand you.

          [attachment: Sin título.png]

          Derelict LAYER 8 Netgate

            If you are going to refer to sites as A, B, C, and D it would be helpful to have that information on your diagram.


            rayx

              Hello, I modified the diagram.
              I have added HEADQUARTERS E.
              This is really my topology.
              I currently have an IPsec VPN between HEADQUARTERS A and E.
              All the other HEADQUARTERS, except E, communicate over WiMAX.
              I want to pass the routing table of the other HEADQUARTERS to headquarters E so I can see them all.

              [attachment: Sin título.png]

              Derelict LAYER 8 Netgate

                So you already have a Phase 2 entry on the VPN for this:

                10.1.0.0/16 <-> 10.5.0.0/16

                Make 3 more:

                10.2.0.0/16 <-> 10.5.0.0/16
                10.3.0.0/16 <-> 10.5.0.0/16
                10.4.0.0/16 <-> 10.5.0.0/16

                Obviously with the reciprocal entries at Site E.

                Add routes at sites B, C, and D for 10.5.0.0/16 with a gateway of whatever they talk to at site A.

                Make sure all necessary firewall rules pass the desired traffic.


                rayx

                  And how do I do this without giving up the WiMAX connection to the other HEADQUARTERS?

                  Derelict LAYER 8 Netgate

                    What?


                    rayx

                      If I configure this on the VPN tunnel, at both ends:

                      10.1.0.0/16 <-> 10.5.0.0/16

                      Make 3 more:

                      10.2.0.0/16 <-> 10.5.0.0/16
                      10.3.0.0/16 <-> 10.5.0.0/16
                      10.4.0.0/16 <-> 10.5.0.0/16

                      I lose WiMAX communication between headquarters
                      A-D
                      A-B
                      A-C
                      ….....

                      I do not know if I am explaining myself.

                      Derelict LAYER 8 Netgate

                        No you don't.

                        10.2.0.0/16 <-> 10.5.0.0/16 is not the same thing as 10.2.0.0/16 <-> 10.1.0.0/16


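Added example, not code from this thread or from pfSense: a small Python model of the policy-based IPsec setup Derelict describes (one A<->E tunnel, a Phase 2 entry per site pair with its reciprocal at E, and a static route for 10.5.0.0/16 at the WiMAX sites). It walks a packet from site to site and shows that only flows with 10.5.0.0/16 at one end match a Phase 2 selector and get encapsulated, while A-B, A-C and A-D traffic is untouched by those entries, which is the point of the last reply. It also flags Phase 2 entries on A that have no mirror on E, the mismatch that makes a single network pair fail to negotiate. The site prefixes are taken from Derelict's reply; the hub-and-spoke WiMAX layout, direct spoke-to-spoke paths and the `wimax-gw-to-A` next hop are assumptions, not facts from the poster's diagram.

```python
"""Model of the policy-based IPsec layout Derelict describes (added example).

Assumptions, taken from the thread rather than the poster's diagram:
site A = 10.1.0.0/16, B = 10.2.0.0/16, C = 10.3.0.0/16, D = 10.4.0.0/16,
E = 10.5.0.0/16; the only tunnel is A<->E; B, C and D reach A over WiMAX.
The WiMAX next-hop name is a placeholder, not a real gateway.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network

SITES = {
    "A": IPv4Network("10.1.0.0/16"),  # hub, one end of the tunnel
    "B": IPv4Network("10.2.0.0/16"),
    "C": IPv4Network("10.3.0.0/16"),
    "D": IPv4Network("10.4.0.0/16"),
    "E": IPv4Network("10.5.0.0/16"),  # far end of the tunnel
}
HUB, VPN_SITE = "A", "E"
SPOKES = [s for s in SITES if s not in (HUB, VPN_SITE)]


@dataclass(frozen=True)
class Phase2:
    """One pfSense Phase 2 entry: local <-> remote network, i.e. an SPD selector."""
    local: IPv4Network
    remote: IPv4Network

    def matches(self, src: IPv4Address, dst: IPv4Address) -> bool:
        return src in self.local and dst in self.remote

    def mirror(self) -> "Phase2":
        return Phase2(self.remote, self.local)


def phase2_entries(site: str) -> list[Phase2]:
    """Phase 2 entries on `site`'s end of the A<->E tunnel; spokes have none."""
    if site == HUB:
        return [Phase2(SITES[s], SITES[VPN_SITE]) for s in SITES if s != VPN_SITE]
    if site == VPN_SITE:
        return [p.mirror() for p in phase2_entries(HUB)]
    return []


def static_routes(site: str) -> list[tuple[IPv4Network, str]]:
    """Route a WiMAX spoke needs: 10.5.0.0/16 via whatever it already uses to reach A."""
    return [(SITES[VPN_SITE], f"wimax-gw-to-{HUB}")] if site in SPOKES else []  # placeholder next hop


def missing_mirrors(a_entries: list[Phase2], e_entries: list[Phase2]) -> list[Phase2]:
    """Entries on A with no reciprocal on E; such a CHILD_SA will not negotiate
    (IKEv2 answers TS_UNACCEPTABLE), so that one network pair silently stays dark."""
    e_set = set(e_entries)
    return [p for p in a_entries if p.mirror() not in e_set]


def site_of(ip: IPv4Address) -> str:
    return next(name for name, net in SITES.items() if ip in net)


def trace(src: str, dst: str, spoke_routes: bool = True) -> list[str]:
    """Walk a packet site by site and report how each site handles it.

    spoke_routes=False models forgetting the static route on B, C and D.
    Spoke-to-spoke WiMAX paths are assumed direct; the thread does not say."""
    s, d = IPv4Address(src), IPv4Address(dst)
    here, hops = site_of(s), []
    for _ in range(4):  # no path in this topology is longer than three hops
        if d in SITES[here]:
            hops.append(f"{here}: delivered locally")
            break
        if any(p.matches(s, d) for p in phase2_entries(here)):
            nxt = VPN_SITE if here == HUB else HUB
            hops.append(f"{here}: matches Phase 2, ESP over tunnel to {nxt}")
            here = nxt
        elif spoke_routes and any(d in net for net, _ in static_routes(here)):
            hops.append(f"{here}: static route, clear over WiMAX to {HUB}")
            here = HUB
        elif here == VPN_SITE or site_of(d) == VPN_SITE:
            hops.append(f"{here}: no Phase 2 or route for this flow, follows default route")
            break
        else:
            hops.append(f"{here}: clear over WiMAX to {site_of(d)}")
            here = site_of(d)
    return hops


def tunnelled(src: str, dst: str) -> bool:
    """True if the flow crosses the A<->E tunnel, False if it stays on WiMAX as before."""
    return any("ESP" in hop for hop in trace(src, dst))


if __name__ == "__main__":
    for flow in [("10.2.0.10", "10.1.0.10"), ("10.2.0.10", "10.5.0.10"), ("10.5.0.10", "10.3.0.10")]:
        print(flow, "->", " | ".join(trace(*flow)))
    print("without spoke route:", trace("10.2.0.10", "10.5.0.10", spoke_routes=False))
    print("missing on E:", missing_mirrors(phase2_entries("A"), phase2_entries("E")[:-1]))
```

Run it with python3: the trace for 10.2.0.10 -> 10.1.0.10 never touches the tunnel, while 10.2.0.10 -> 10.5.0.10 rides WiMAX to A and then ESP to E, and the reverse direction matches E's mirrored entry. Calling trace with spoke_routes=False shows what forgetting the static route at B looks like. On the real firewalls the equivalent check is the SPD list under Status > IPsec plus a traceroute from a spoke host, and, as Derelict says, the IPsec interface rules at both ends still have to pass the traffic.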
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.