VPN IPsec with various Phases 2.

ramses.sevilla

Hi everyone,

I am trying configure a VPN IPsec connection with various Phases 2:

-----------------------------------------------------------------------------------------
 Local Net.               NAT/BINAT                Remote Net.
-----------------------------------------------------------------------------------------
10.10.0.0/16 -----> 192.168.1.0/24 -----> 10.100.10.0/24
10.20.0.0/16 -----> 192.168.1.0/24 -----> 10.100.10.0/24
10.30.0.0/16 -----> 192.168.1.0/24 -----> 10.100.10.0/24
-----------------------------------------------------------------------------------------

I presume that Remote Peer is a Palo Alto Firewall but I haven't control over it.

Well, I have configured the 3 Phases 2 in my pfSense.

When I connect the Phase 1, it connect without problems but the Phases 2 in my pfSense only connect and works the Phase 2 configured in first place, that is:

-----------------------------------------------------------------------------------------
 Local Net.               NAT/BINAT                Remote Net.
-----------------------------------------------------------------------------------------
10.10.0.0/16 -----> 192.168.1.0/24 -----> 10.100.10.0/24
-----------------------------------------------------------------------------------------

If I leave enabled only one Phase 2, this Phase connects and works fine but I can't connect the three Phases 2 at once.

I have spoken with the Remote Peer Admin and he tell me that he only has configured in his Firewall to permit the NAT (192.168.1.0/24) but nothing with my 3 Phases 2.

Does anyone know if he need configure something in his Firewall to permit connect my 3 Phases 2 at once?

I have another connection with about 10 Phases 2 connected without problems with other Remote Peer.

Will the problem be in my side of the connection configuration?

Regards,

Ramsés