Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can't ping some hosts

    Scheduled Pinned Locked Moved IPsec
    4 Posts 2 Posters 2.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jonnytabpni
      last edited by

      Hi there.

      I have a 2 networks which I am trying to get an IPSEC tunnel between them

      Site A –--- Site B

      Site A has multiple gateways. They have one that they use and I've come in and set up this pfsense box as a 2nd one for VPN.

      Site B can only ping the hosts which have the pfsense box set as their default gateway. Is this normal? Microsoft ISA server doesn't seem to behave in this way....

      Site A can ping all of site B (however everyone on site B has pfsense as their default gateway)

      Help is appreciated

      Cheers

      1 Reply Last reply Reply Quote 0
      • GruensFroeschliG
        GruensFroeschli
        last edited by

        Site B can only ping the hosts which have the pfsense box set as their default gateway. Is this normal? Microsoft ISA server doesn't seem to behave in this way….

        This is how routing works.
        Create on the router which your other clients have as their default gateway a static route for the range onthe other side of the tunnel, pointing to the pfSense.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        1 Reply Last reply Reply Quote 0
        • J
          jonnytabpni
          last edited by

          I guess as such.

          Is there any other way? (I can spin up more machines, that's not a problem)

          I don't really have control over the other default gateway :(

          1 Reply Last reply Reply Quote 0
          • GruensFroeschliG
            GruensFroeschli
            last edited by

            Well you "could" place pfSense in front of your other default gateway (WAN side), so that all traffic has to go over pfSense.
            Or you could add static routes to all your clients which need access to the other site.
            But i suppose that's not really what you want ^^

            We do what we must, because we can.

            Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.