Multiple Static Routes over IPSEC



  • Hello all,

    I am trying to set up multiple static routes over IPSec.  I was able to specify 1 subnet on the remote end, but I have 75 subnets that I would like to connect to.  I have heard to use 0.0.0.0 as the remote subnet, but that would route my internet over the IPSec tunnel as well.  My bandwidth at the local site is much faster than the remote site, so traffic to the internet would be preferred to go out locally.  Is this even possible, or do I need to switch to something else?  If it helps, I am using a Fortigate on the remote end.


  • Rebel Alliance Developer Netgate

    IPsec does not route, so you can't use static routes. You need a separate Phase 2 entry for each distinct pairing of local and remote networks.

    The easiest way to reduce that is to summarize the remote networks. Are they all close by each other? Can you use a larger subnet mask to include all of them? Or at least reduce the number to something manageable?
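As an added example (not code from this thread or from pfSense), the Python script below takes a list of remote subnets and shows how many exact Phase 2 selectors they collapse into, versus how much unrelated address space a single summary prefix would pull into the tunnel; the local and remote subnet values are constructed for illustration.

```python
import ipaddress
from typing import Dict, List

# Constructed sample data; the real deployment has 75 remote subnets.
LOCAL_SUBNETS = ["192.168.10.0/24"]
REMOTE_SUBNETS = ["10.20.0.0/24", "10.20.1.0/24", "10.20.2.0/24",
                  "10.20.3.0/24", "10.21.5.0/24"]


def summarize_remote_subnets(cidrs: List[str]) -> List[ipaddress.IPv4Network]:
    """Merge adjacent/overlapping prefixes into the smallest exact set.

    Each returned network is one Phase 2 remote selector; no extra addresses
    are added, so internet-bound traffic stays on the local default route.
    """
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))


def smallest_supernet(cidrs: List[str]) -> ipaddress.IPv4Network:
    """Widen the first prefix until it contains every listed subnet."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    candidate = nets[0]
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()  # reaches 0.0.0.0/0 at the latest
    return candidate


def plan_phase2(local_cidrs: List[str], remote_cidrs: List[str]) -> Dict:
    """Compare the exact selector set with a single summary prefix."""
    exact = summarize_remote_subnets(remote_cidrs)
    summary = smallest_supernet(remote_cidrs)
    local_nets = [ipaddress.ip_network(c, strict=False) for c in local_cidrs]
    covered = sum(n.num_addresses for n in exact)
    return {
        "exact_selectors": [str(n) for n in exact],
        "phase2_entries": len(exact) * len(local_nets),  # one per local/remote pair
        "summary_prefix": str(summary),
        # addresses the summary would tunnel that belong to no real remote subnet
        "extra_addresses": summary.num_addresses - covered,
        # a summary that swallows the local LAN, or widens to 0.0.0.0/0, is unusable
        "overlaps_local": any(summary.overlaps(n) for n in local_nets),
        "is_default_route": summary.prefixlen == 0,
    }


if __name__ == "__main__":
    for key, value in plan_phase2(LOCAL_SUBNETS, REMOTE_SUBNETS).items():
        print(f"{key}: {value}")
```

With the sample data the five /24s reduce to two selectors, while the single summary 10.20.0.0/15 would drag roughly 130,000 unrelated addresses into the tunnel.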