4. IPSEC single host Phase 2

IPSEC single host Phase 2

  • N

    Hi,

    I don't have experience with IPSEC. Here's the short version: host on Site A, can connect to the LAN subnet on site B, even though there's no Phase 2 entry for it.

    I have 2 x SG-2220 pfsense version 2.3.4 and I'm trying to make an IPSEC connection between them. They are on different public IPs.

    Simplified network diagram:

    Site A LAN subnet: 192.168.1.0/24
    Site B LAN subnet: 192.168.2.0/24

    NAS on site A: 192.168.1.1
    NAS on site B: 192.168.2.1

    I want to connect some laptops from the 2 different sites to the 2 NAS boxes, but I don't want other network devices to communicate through the IPSEC tunnel. I know I can make rules for that, but I want to understand how this works.

    Phase 1 seems to work properly and I've setup P2 like this:

    Site A:
    Local Subnet          Remote Subnet
    LAN                        192.168.2.1
    192.168.1.1            192.168.2.0/24

    Site B:
    Local subnet          Remote Subnet
    LAN                      192.168.1.1
    192.168.2.1          192.168.1.0/24

    Now all I'd have to do, is create firewall rules to allow incoming traffic from different hosts to the NAS.

    During setup, I created a firewall rule on site B to allow traffic from 192.168.1.2 (a laptop) to any.

    I can access any host on site B from 192.168.1.2, for example from 192.168.1.2 to 192.168.2.10.

    Is this normal?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy