IPSEC single host Phase 2
Hi,
I don't have experience with IPSEC. Here's the short version: a host on Site A can connect to the LAN subnet on site B, even though there's no Phase 2 entry for it.
I have 2 x SG-2220 pfSense version 2.3.4 and I'm trying to make an IPSEC connection between them. They are on different public IPs.
Simplified network diagram:
Site A LAN subnet: 192.168.1.0/24
Site B LAN subnet: 192.168.2.0/24
NAS on site A: 192.168.1.1
NAS on site B: 192.168.2.1

I want to connect some laptops from the 2 different sites to the 2 NAS boxes, but I don't want other network devices to communicate through the IPSEC tunnel. I know I can make rules for that, but I want to understand how this works.
Phase 1 seems to work properly and I've set up P2 like this:

Site A:
Local Subnet     Remote Subnet
LAN              192.168.2.1
192.168.1.1      192.168.2.0/24

Site B:
Local Subnet     Remote Subnet
LAN              192.168.1.1
192.168.2.1      192.168.1.0/24

Now all I'd have to do is create firewall rules to allow incoming traffic from different hosts to the NAS.
During setup, I created a firewall rule on site B to allow traffic from 192.168.1.2 (a laptop) to any.
I can access any host on site B from 192.168.1.2, for example from 192.168.1.2 to 192.168.2.10.
Is this normal?
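To make the listed Phase 2 entries concrete, here is an added Python example (not from the original post and not pfSense code) that models each entry as a (local, remote) traffic-selector pair and checks which constructed flows the selectors cover. It expands "LAN" to the subnets from the diagram and writes single hosts as /32; both are assumptions. It only evaluates the entries as written and says nothing about why the poster's installation behaves as it does.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the Phase 2 entries listed in the post, one list per
# site, as (local, remote) selector pairs. "LAN" is expanded to the site's
# LAN subnet from the diagram (assumption); single hosts are written as /32.
SITE_A_P2 = [
    ("192.168.1.0/24", "192.168.2.1/32"),   # LAN           -> NAS on site B
    ("192.168.1.1/32", "192.168.2.0/24"),   # NAS on site A -> site B LAN
]
SITE_B_P2 = [
    ("192.168.2.0/24", "192.168.1.1/32"),   # LAN           -> NAS on site A
    ("192.168.2.1/32", "192.168.1.0/24"),   # NAS on site B -> site A LAN
]


def matching_selector(src, dst, entries):
    """Return the first (local, remote) pair that covers an outbound src->dst
    packet at this site, or None if no Phase 2 selector covers it."""
    s, d = ip_address(src), ip_address(dst)
    for local, remote in entries:
        if s in ip_network(local) and d in ip_network(remote):
            return (local, remote)
    return None


def is_covered(src, dst, entries):
    """True if some Phase 2 entry at this site selects src->dst for the tunnel."""
    return matching_selector(src, dst, entries) is not None


def mirrors(entries_a, entries_b):
    """True if every (local, remote) pair on one side appears as (remote, local)
    on the other side, i.e. both ends agree on what the tunnel carries."""
    flipped = {(ip_network(r), ip_network(l)) for l, r in entries_b}
    same_size = len(entries_a) == len(entries_b)
    return same_size and all(
        (ip_network(l), ip_network(r)) in flipped for l, r in entries_a
    )


def report(flows):
    """Evaluate constructed flows from site A's point of view; returns a list of
    (src, dst, selector-or-None) tuples and prints one line per flow."""
    rows = []
    for src, dst in flows:
        sel = matching_selector(src, dst, SITE_A_P2)
        rows.append((src, dst, sel))
        verdict = f"covered by {sel}" if sel else "NOT covered by any Phase 2 entry"
        print(f"{src:>14} -> {dst:<14} {verdict}")
    return rows


if __name__ == "__main__":
    print("Selectors mirrored between sites:", mirrors(SITE_A_P2, SITE_B_P2))
    report([
        ("192.168.1.2", "192.168.2.1"),    # laptop on A to NAS on B
        ("192.168.1.1", "192.168.2.10"),   # NAS on A to an arbitrary host on B
        ("192.168.1.2", "192.168.2.10"),   # laptop on A to an arbitrary host on B (the post's case)
    ])
```

Running it shows the laptop-to-NAS flow and the NAS-to-LAN flow each matching one entry, while 192.168.1.2 -> 192.168.2.10 matches neither, which is what "no Phase 2 entry for it" means in selector terms. In IPsec generally the selectors decide which traffic is offered to the tunnel, and the firewall rules on the IPsec interface are a separate control applied to traffic that has already arrived through it; the two are worth checking independently when a flow shows up that the selectors do not describe.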