IPSec tunnel from a local group of networks to a remote group of networks possible?
CMG last edited by CMG
UPDATE: Okay, I think we may have found the answer:
Phase 2 definitions handle how local/internal networks are sent across a tunnel. Multiple local subnets (or individual hosts) can be used on a single IPsec tunnel by adding multiple Phase 2 entries.
Going to give it a try...
We have been using GTA firewall for many years. But GTA has recently become defunct, and we are now considering pfSense.
In GTA firewall, we can set up a site-to-site IPSec VPN from the local office LAN and DMZ to the remote office LAN and DMZ. That is, a single VPN which connects LAN and DMZ of office A to LAN and DMZ of office B.
Is this possible with pfSense? In GTA, we can define network address objects containing the LAN and DMZ network addresses (e.g., one object for Local 192.168.5.0/24 and 192.168.6.0/24 and then another object for the Remote 192.168.11.0/24 and 192.168.12.0/24) in the firewall and then use these objects in the IPSec VPN's Local and Remote network settings.
How can we do this in pfSense's IPSec tunnel?
Or do we have to create two IPSec tunnels at both offices?
But we get this error when trying to create another tunnel to the same remote interface:
The remote gateway "x.x.x.x" is already used by phase1 "testvpn01 to PA".
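The approach in the UPDATE (one Phase 1 to the remote gateway, several Phase 2 entries under it) still leaves the question of how many Phase 2 entries are needed and what the other office must mirror. The script below is an added worked example, not code from the original post or from pfSense; it assumes that one Phase 2 entry is required for every local/remote subnet pair (so two local and two remote subnets give four entries) and that the peer must define the mirror image of each pair. It uses the four subnets quoted in the post, rejects overlapping or malformed networks before they become misleading selectors, and renders the result as a hypothetical strongSwan swanctl.conf child-SA fragment only to show what the Phase 2 entries translate to (the connection and child names are made up).

```python
"""Plan the Phase 2 (child SA) entries for a pfSense IPsec tunnel that must
carry several local subnets to several remote subnets.

Assumption (added example, not pfSense code): one Phase 2 entry is needed for
every local/remote subnet pair, so 2 local x 2 remote subnets = 4 entries, and
the peer must configure the mirror image of each pair.
"""
from ipaddress import ip_network
from itertools import combinations, product

# Subnets taken from the forum post (office A = local, office B = remote).
LOCAL_SUBNETS = ["192.168.5.0/24", "192.168.6.0/24"]
REMOTE_SUBNETS = ["192.168.11.0/24", "192.168.12.0/24"]


def parse_subnets(cidrs):
    """Parse CIDR strings strictly (host bits set -> ValueError) and reject
    subnets on the same side that overlap, since overlapping traffic selectors
    make it ambiguous which Phase 2 a packet will match."""
    nets = [ip_network(c, strict=True) for c in cidrs]
    for a, b in combinations(nets, 2):
        if a.overlaps(b):
            raise ValueError(f"overlapping subnets on one side: {a} and {b}")
    return nets


def phase2_pairs(local_cidrs, remote_cidrs):
    """Return the (local, remote) pairs, one per Phase 2 entry, in a stable order."""
    local = parse_subnets(local_cidrs)
    remote = parse_subnets(remote_cidrs)
    pairs = []
    for l_net, r_net in product(local, remote):
        if l_net.overlaps(r_net):
            # The same address space at both ends cannot be routed through the tunnel.
            raise ValueError(f"local {l_net} overlaps remote {r_net}")
        pairs.append((str(l_net), str(r_net)))
    return pairs


def mirror_pairs(pairs):
    """Pairs the peer must configure: its local is our remote and vice versa."""
    return [(remote, local) for local, remote in pairs]


def render_swanctl_children(conn_name, pairs):
    """Render the pairs as strongSwan swanctl.conf child sections, purely as an
    illustration of what the Phase 2 entries amount to (hypothetical names;
    pfSense generates its own configuration from the GUI entries)."""
    lines = ["connections {", f"    {conn_name} {{", "        children {"]
    for i, (local, remote) in enumerate(pairs, start=1):
        lines += [
            f"            {conn_name}_p2_{i} {{",
            f"                local_ts = {local}",
            f"                remote_ts = {remote}",
            "            }",
        ]
    lines += ["        }", "    }", "}"]
    return "\n".join(lines)


if __name__ == "__main__":
    pairs = phase2_pairs(LOCAL_SUBNETS, REMOTE_SUBNETS)
    print(f"{len(pairs)} Phase 2 entries needed on office A:")
    for local, remote in pairs:
        print(f"  local {local:<16} <-> remote {remote}")
    print("\nMirror image to configure on office B:")
    for local, remote in mirror_pairs(pairs):
        print(f"  local {local:<16} <-> remote {remote}")
    print("\n" + render_swanctl_children("officeA_to_officeB", pairs))
```

Running it lists the four local/remote pairs to enter under the single Phase 1 on office A, the four swapped pairs for office B, and the illustrative child-SA fragment. Because every pair hangs off the same Phase 1, the "remote gateway is already used by phase1" error from the second-tunnel attempt does not arise.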