IPsec P2 madness



  • Hi guys,

    Long story short - our SIP packets stopped hitting our SonicWall, Dell couldn't figure it out - had a pfSense box, fired her up and created the rules - she lives!

    We have a number of VPN customers (ranges). I set up IPsec for our site-to-site and everything is working well. However, I noticed that for each P1 tunnel, I have to create numerous P2 entries. Is there a shortcut? Possibly an alias or some way? I have clients with like 10 P2 tunnels lol…

    I'm advertising 2 IPs, on both LAN1 and LAN2, so it doubles the amount of P2 tunnels.

    If anyone has any input, I'd greatly appreciate it.



  • BUMP -

    How to lower the amount of P2 entries w/o losing shared ranges.


  • Rebel Alliance Developer Netgate

    It depends on how your networks are laid out. There is no way to use aliases there, but if the networks are close, perhaps you can summarize them in some way by using larger subnet sizes in the P2.
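
The summarization suggested above, as an added example that is not part of the original thread: it counts the P2 entries each local/remote pairing needs, merges subnets that summarize exactly, and reports how many extra addresses a single covering subnet would pull into the tunnel. All subnets are constructed sample values, and the function names are hypothetical.

```python
import ipaddress
from itertools import product

# Constructed sample ranges (assumptions, not from the thread)
LOCAL = ["192.168.10.0/24", "192.168.11.0/24"]            # LAN1, LAN2
REMOTE_CLOSE = ["10.20.0.0/24", "10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24"]
REMOTE_SCATTERED = ["10.5.0.0/24", "172.16.40.0/24", "192.168.200.0/24"]

def p2_pairs(local_nets, remote_nets):
    """Each local/remote subnet pair needs its own Phase 2 entry."""
    return list(product(local_nets, remote_nets))

def summarize(cidrs):
    """Exact summarization: merge adjacent or overlapping networks
    without covering any address that was not in the input."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))

def covering_supernet(cidrs):
    """Smallest single network containing every input, plus the count of
    addresses it covers that were NOT in the original list."""
    nets = summarize(cidrs)
    first = min(n.network_address for n in nets)
    last = max(n.broadcast_address for n in nets)
    sup = ipaddress.ip_network(f"{first}/{first.max_prefixlen}")
    while last not in sup:          # widen one bit at a time
        sup = sup.supernet()
    extra = sup.num_addresses - sum(n.num_addresses for n in nets)
    return sup, extra

if __name__ == "__main__":
    for name, remote in (("close", REMOTE_CLOSE), ("scattered", REMOTE_SCATTERED)):
        before = len(p2_pairs(LOCAL, remote))
        after = len(p2_pairs(summarize(LOCAL), summarize(remote)))
        sup, extra = covering_supernet(remote)
        print(f"{name}: {before} P2 entries -> {after} after exact summarization")
        print(f"  single covering subnet {sup} adds {extra} unintended addresses")
```

When the extra-address count is non-zero, the wider P2 selector carries traffic for ranges that were never meant to use the tunnel, so firewall rules on the IPsec interface have to narrow it back down.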



  • @jimp:

    It depends on how your networks are laid out. There is no way to use aliases there, but if the networks are close, perhaps you can summarize them in some way by using larger subnet sizes in the P2.

    Agreed. In my case creating multiple P2s is the only option… Yeah, bit of a pain, but it must be done this way. The person who was planning IP allocation in the past did not know much about summarization...



  • Thanks for your replies, but the ranges are completely different so the subnet bit would be ridiculous LOL.

    Multiple P2s aren't too bad.

