Ipsec for specific traffic
-
Hi,
I'm looking for some help with IPsec routing. We are currently replacing 2 FortiGates with a pfSense 2.2 box.
Setup:
Main Office
2 WAN connections
1 for normal traffic, 1 specifically for Exchange server traffic
Remote Office
1 WAN connection
IPsec tunnels:
WAN1 to WAN1remote
WAN2 to WAN1remote
With the FortiGate, there's a policy sending all traffic to Exchange on Tunnel WAN1 to WAN1, and a policy sending all the rest to the other tunnel.
Is it possible to do the same with pfSense? I was thinking of having a Phase 2 to the remote LAN and another one to the Exchange server IP, but would it work as intended?
Thanks
-
Yes, if you can create a phase 2 for the traffic to Exchange and another for other traffic, it would work.
-
But is there a way to control the traffic?
Let's say
phase 2 from 192.168.1.0 to 192.168.2.0
phase 2 from 192.168.1.0 to 192.168.2.229 (exchange)
Both on the same subnet, will the most specific one be used for Exchange traffic?
-
It depends on the order you create the tunnels.
If you create the tunnel with the specific IP first, it will be used instead of the next one.
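
The ordering behaviour described in the last reply, modelled as an added example that is not part of the thread and is not pfSense or strongSwan code: selectors are checked in creation order and the first match wins, so a /32 entry placed after the covering /24 never matches. The tunnel labels and the /24 masks are assumptions; the addresses are the ones from the thread.

```python
import ipaddress

# Constructed phase 2 entries: (tunnel label, local selector, remote selector).
# Labels are hypothetical; the /24 masks are assumed for the thread's subnets.
GENERAL = ("tunnel-WAN2", "192.168.1.0/24", "192.168.2.0/24")
EXCHANGE = ("tunnel-WAN1", "192.168.1.0/24", "192.168.2.229/32")


def first_match(phase2_entries, src, dst):
    """Return the tunnel of the first entry whose selectors cover src -> dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for tunnel, local_net, remote_net in phase2_entries:
        if s in ipaddress.ip_network(local_net) and d in ipaddress.ip_network(remote_net):
            return tunnel
    return None  # no selector matches: traffic is not sent into any tunnel


def shadowed(phase2_entries):
    """Return (entry, covering entry) pairs where an earlier entry hides a later one."""
    nets = [(t, ipaddress.ip_network(l), ipaddress.ip_network(r))
            for t, l, r in phase2_entries]
    hidden = []
    for i, (tunnel, local_net, remote_net) in enumerate(nets):
        for earlier, e_local, e_remote in nets[:i]:
            if local_net.subnet_of(e_local) and remote_net.subnet_of(e_remote):
                hidden.append((tunnel, earlier))
                break
    return hidden


if __name__ == "__main__":
    for label, order in (("specific first", [EXCHANGE, GENERAL]),
                         ("general first", [GENERAL, EXCHANGE])):
        print(label)
        print("  to Exchange  :", first_match(order, "192.168.1.10", "192.168.2.229"))
        print("  to other host:", first_match(order, "192.168.1.10", "192.168.2.50"))
        print("  shadowed     :", shadowed(order))
```

Running `shadowed()` over a planned phase 2 list before creating the entries flags any Exchange-style host selector that would silently fall through to the general tunnel.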