Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [SOLVED] 2 IPSec tunnels with same remote network

    Scheduled Pinned Locked Moved IPsec
    5 Posts 2 Posters 1.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M Offline
      merlinios
      last edited by

      Hello ,

      I have a pfsense box in network 10.100.100.0/24 . I also have an ipsec tunnel with a remote site which have network 192.168.0.0/24 network so it can access network 10.100.100.0/24 and reverse. Now i want to create another tunnel with another remote site that has also the same network , 192.168.0.0/24 with the first remote site. Is this possible ?

      Thanks a lot

      1 Reply Last reply Reply Quote 0
      • DerelictD Offline
        Derelict LAYER 8 Netgate
        last edited by

        They need to NAT on their side. If those two sites need to communicate they both need to NAT.

        This is why you don't deploy 192.168.0.0/24 into production.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • M Offline
          merlinios
          last edited by

          @Derelict:

          They need to NAT on their side. If those two sites need to communicate they both need to NAT.

          This is why you don't deploy 192.168.0.0/24 into production.

          No need for both sides to communicate. So we need only nat on their Side ? In pfsense i will enter the nat subnet or ip in the interesting traffic ?

          Thanks a lot

          1 Reply Last reply Reply Quote 0
          • DerelictD Offline
            Derelict LAYER 8 Netgate
            last edited by

            Their Phase 2:

            Local: 192.168.0.0/24
            NAT: 192.168.100.0/24
            Remote: 10.100.100.0/24

            Your Phase 2:

            Local: 10.100.100.0/24
            Remote: 192.168.100.0/24

            To you, they will look like 192.168.100.0/24.

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • M Offline
              merlinios
              last edited by

              Thanks a lot for your help !

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.