Force IPSEC next hop

  • So I have a unique setup, I prefer PFSense, but we're mostly a Cisco shop, however, both systems exist together peacefully, Most things are on the Cisco, as we grow, more things route through PFSense. What I want to do is setup IPSEC to a few remote sites on the PFSense side, force all traffic over IPSec from remote to PFSense, then route it through the Cisco side. Currently routing statements exist, so almost anything on either side, PFSense or Cisco can get to the other side and vice versa.

    PFSense side

    Cisco side:
    One of many LAN's

    If in my IPSEC config, for the phase two entry, I allowed to and vice versa, then set outbound NAT with the source of out, would this then force all IPSEC traffic to the Cisco? Yes, I understand this is a 70,000ft. view, there are rules and ACL's, just wanted to make sure I was on the right track.

  • Maybe a rule on the IPSEC interface that says souce (remote ip) allow to destination (any) via the Cisco as it's gateway?

Log in to reply