IPSec Routing with 2 VPNs with same Subnet behind Network
-
Hi
I have a problem that i have to solve.
We have a pfsense 2.3.4p1 Firewall on Main Site and 2 ZyWall 60 on the Costumer Site. We have a IPSec VPN Tunnel for each of the ZyWall 60, this works fine.
But on the LAN (10.0.1.0/24) we have 2 Terminal-Servers, 1 of them have to connect to the Webserver 10.200.201.3/24 behind the LAN 10.0.2.0/24 and the other Terminal-Server have to connect to the Webserver 10.200.201.3/24 behind the LAN 10.0.3.0/24. I know that i have to do a second Phase 2 on the IPSec Connections, but how I can define that Terminal-Server A have to go to the IPSec Tunnel 10.0.2.0/24 and the Terminal-Server B have to go to the IPSec Tunnel 10.0.3.0/24? I have two times the same rule in the Phase 2 (Local Subnet: 10.0.1.0/24 to Remote Subnet: 10.200.201.0/24).Terminal-Server A-(10.0.1.5)–-----| |---------ZyWall60----------10.0.2.0/24--------10.200.201.0/24----Webserver-(10.200.201.3)
|----10.0.1.0/24 --pfsense---WAN----|
Terminal-Server B-(10.0.1.6)-------| |---------ZyWall60----------10.0.3.0/24--------10.200.201.0/24----Webserver-(10.200.201.3)Best regards
dynw -
Huh??
So this customer site has duplicated network 10.200.201/24… And this is downstream of a 10.0.x network? This is not just a transit network? There are hosts on these 10.0.x networks?
What I would do is fix the customers site ;) Makes no sense as drawn..
-
Hi johnpoz
Thanks for your reply.
Yes on the Network 10.0.x are hosts. But this are two different customers and I don't can change the Subnet 10.200.201.0/24. I have draw another picture.
I think, we need a policy based routing with the possibility to define Gataways on the IPSec Interface.
