IPSEC single host Phase 2

  • Hi,

    I don't have experience with IPSEC. Here's the short version: host on Site A, can connect to the LAN subnet on site B, even though there's no Phase 2 entry for it.

    I have 2 x SG-2220 (pfSense version 2.3.4) and I'm trying to make an IPSEC connection between them. They are on different public IPs.

    Simplified network diagram:

    Site A LAN subnet:
    Site B LAN subnet:

    NAS on site A:
    NAS on site B:

    I want to connect some laptops from the 2 different sites to the 2 NAS boxes, but I don't want other network devices to communicate through the IPSEC tunnel. I know I can make rules for that, but I want to understand how this works.

    Phase 1 seems to work properly and I've set up P2 like this:

    Site A:
    Local Subnet          Remote Subnet

    Site B:
    Local subnet          Remote Subnet

    Now all I'd have to do is create firewall rules to allow incoming traffic from different hosts to the NAS.

    During setup, I created a firewall rule on site B to allow traffic from (a laptop) to any.

    I can access any host on site B from, for example from to

    Is this normal?
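A small model of how IPsec Phase 2 traffic selectors decide which packets are carried by the tunnel, added here as an example; it is not code from the post or from pfSense. The subnets and hosts are constructed placeholders, since the post does not give the real ones; it contrasts a subnet-to-subnet Phase 2 (every host in both LANs is selected) with a host-to-host Phase 2 (only the two NAS addresses are selected).

```python
from ipaddress import ip_address, ip_network

# Constructed example addresses; the post's real subnets are not shown.
SITE_A_LAN = ip_network("10.1.0.0/24")
SITE_B_LAN = ip_network("10.2.0.0/24")
NAS_A = ip_address("10.1.0.10")
NAS_B = ip_address("10.2.0.10")
LAPTOP_A = ip_address("10.1.0.50")


def build_phase2(local, remote):
    """One Phase 2 entry: a (local selector, remote selector) pair."""
    return (ip_network(local), ip_network(remote))


def matches_phase2(p2_entries, src, dst):
    """Return the first Phase 2 entry whose selectors cover src -> dst.

    An IPsec SA only carries a packet whose source lies inside the local
    selector and whose destination lies inside the remote selector; any
    other packet is routed normally and never enters the tunnel."""
    for local, remote in p2_entries:
        if src in local and dst in remote:
            return (local, remote)
    return None


def is_tunnelled(p2_entries, src, dst):
    """True when some Phase 2 entry selects src -> dst into the tunnel."""
    return matches_phase2(p2_entries, src, dst) is not None


# Subnet-to-subnet Phase 2: every host in Site A's LAN can reach every
# host in Site B's LAN through the tunnel, not just the NAS boxes.
P2_SUBNET = [build_phase2("10.1.0.0/24", "10.2.0.0/24")]

# Host-to-host Phase 2 (/32 selectors): only NAS_A <-> NAS_B is selected.
P2_HOSTS = [build_phase2("10.1.0.10/32", "10.2.0.10/32")]

if __name__ == "__main__":
    print("subnet P2, laptop -> NAS_B:", is_tunnelled(P2_SUBNET, LAPTOP_A, NAS_B))
    print("host P2,   laptop -> NAS_B:", is_tunnelled(P2_HOSTS, LAPTOP_A, NAS_B))
    print("host P2,   NAS_A  -> NAS_B:", is_tunnelled(P2_HOSTS, NAS_A, NAS_B))
```

Packets that the selectors admit are then still filtered by the firewall rules on the receiving site's IPsec interface, so the selectors and those rules are two separate layers of control.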
