VPN IPsec with various Phases 2.
Hi everyone,
I am trying to configure a VPN IPsec connection with various Phases 2:
-----------------------------------------------------------------------------------------
Local Net.            NAT/BINAT               Remote Net.
-----------------------------------------------------------------------------------------
10.10.0.0/16  ----->  192.168.1.0/24  ----->  10.100.10.0/24
10.20.0.0/16  ----->  192.168.1.0/24  ----->  10.100.10.0/24
10.30.0.0/16  ----->  192.168.1.0/24  ----->  10.100.10.0/24
-----------------------------------------------------------------------------------------
I presume that the Remote Peer is a Palo Alto Firewall, but I have no control over it.
Well, I have configured the 3 Phases 2 in my pfSense.
When I connect the Phase 1, it connects without problems, but of the Phases 2 in my pfSense, only the Phase 2 configured in first place connects and works, that is:
-----------------------------------------------------------------------------------------
Local Net.            NAT/BINAT               Remote Net.
-----------------------------------------------------------------------------------------
10.10.0.0/16  ----->  192.168.1.0/24  ----->  10.100.10.0/24
-----------------------------------------------------------------------------------------
If I leave only one Phase 2 enabled, this Phase connects and works fine, but I can't connect the three Phases 2 at once.
I have spoken with the Remote Peer Admin and he tells me that he has only configured his Firewall to permit the NAT (192.168.1.0/24) but nothing with my 3 Phases 2.
Does anyone know if he needs to configure something in his Firewall to permit connecting my 3 Phases 2 at once?
I have another connection with about 10 Phases 2 connected without problems with another Remote Peer.
Will the problem be on my side of the connection configuration?
Regards,
Ramsés