Setup route to servers on the other side of ipsec vpn tunnel
I have a pfSense setup with 2 WANs (in CARP), so I have:
pfs1 wan ip: 22.214.171.124
pfs2 wan ip: 126.96.36.199
pfs wan vip: 188.8.131.52
pfs1 wan2 ip: 184.108.40.206
pfs2 wan2 ip: 220.127.116.11
pfs wan2 vip: 18.104.22.168
I have a main VLAN, 192.168.0.0/24, and the addresses on pfSense are:
pfs1 lan ip: 192.168.0.31
pfs2 lan ip: 192.168.0.32
pfs lan vip: 192.168.0.30
In the network, below the 2 firewalls, there are 2 main switches with L3 routing configured and in HSRP:
swi1 ip: 192.168.0.3
swi2 ip: 192.168.0.2
swi vip: 192.168.0.1
There is a route like this: 0.0.0.0 0.0.0.0 192.168.0.30
Now I have a second VLAN that I need to route over the second WAN and that must also communicate with the main VLAN; as for the first one, there is an HSRP configuration on the switches:
swi1 vlan7: 192.168.7.7
swi2 vlan7: 192.168.7.8
swi vip: 192.168.7.254
My customer asked me to create an IPsec VPN and I have done it. I can see the tunnel up, but I have an issue creating a route to ping the servers on the customer site. In phase 2, I set:
Local Subnet: 10.175.69.10/32
Remote Subnet: 10.64.3.46 and 10.64.3.80
Now, on my switches I have no network for 10.175.69.10 and, honestly, I don't know how to set up the route to ping the addresses in Remote Subnet: how should I proceed?
I have 2 other VPNs, but they have the main subnet (192.168.0.0/24) as Local Subnet, so I haven't encountered any routing issue with them.
One thing I found on another forum is to create another P2 phase and insert my main VLAN (192.168.0.0/24) as local network and, as remote network, the address used as local in the other P2 phase, i.e. 10.175.69.10; the tunnel starts, but I can't ping the addresses 10.164.3.46 and 10.164.3.80.
Any other suggestion about, for example, the rules to use?
Another small step was to create the network 10.175.69.0/24 on the switches and then a virtual machine with IP 10.175.69.10: with this I can ping the servers on the other side.
To do this I also created a static route like in the image:
so the network 10.175.69.0/24 has 192.168.0.1 as gateway.
Then I opened a rule on the LAN interface towards 10.175.69.0/24, like in the image:
After this I can ping from 10.175.69.10 to 10.64.3.46 and 10.64.3.80.
How can I communicate from the LAN network to 10.64.3.46 and 10.64.3.80: is it possible to set a route? Where?
Please let me know if you have any idea.
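The question above treats reaching the customer's servers as a routing problem, but a policy-based IPsec tunnel only carries packets whose source and destination fall inside a Phase 2 selector pair; anything else follows the normal routing table, in the clear, regardless of any static route you add. The following Python model (an added example, not code from the post or from pfSense) makes that visible. It uses the Phase 2 selectors, LAN and server addresses quoted in the question, and it adds two assumptions: a hypothetical `BINAT` mapping that rewrites LAN sources to the agreed local address 10.175.69.10 before selector matching (pfSense exposes this as the NAT/BINAT translation option on the Phase 2 entry), and an alternative selector set `PHASE2_LAN` in which the customer would accept 192.168.0.0/24 directly as the local network. Function names such as `classify` are mine.

```python
from ipaddress import ip_address, ip_network

# Values taken from the question.
LAN = ip_network("192.168.0.0/24")
AGREED_LOCAL = ip_network("10.175.69.10/32")
REMOTE_SERVERS = [ip_network("10.64.3.46/32"), ip_network("10.64.3.80/32")]

# Phase 2 entries as configured in the question: (local selector, remote selector).
PHASE2 = [(AGREED_LOCAL, remote) for remote in REMOTE_SERVERS]

# Assumed alternative: the customer accepts the whole LAN as the local network.
PHASE2_LAN = [(LAN, remote) for remote in REMOTE_SERVERS]

# Assumed NAT/BINAT translation: every LAN host is presented to the tunnel as
# the single agreed address (many-to-one), applied before selector matching.
BINAT = {LAN: ip_address("10.175.69.10")}


def translate_source(src, binat):
    """Return the source address after pre-IPsec NAT, or src unchanged."""
    src = ip_address(src)
    if binat:
        for inside, outside in binat.items():
            if src in inside:
                return outside
    return src


def match_selector(src, dst, phase2):
    """Return the first (local, remote) pair whose selectors cover src -> dst."""
    src, dst = ip_address(src), ip_address(dst)
    for local, remote in phase2:
        if src in local and dst in remote:
            return local, remote
    return None


def classify(src, dst, phase2=PHASE2, binat=None):
    """Decide what happens to a packet src -> dst on the firewall.

    Returns ("ipsec", address_seen_by_the_peer) when a selector matches after
    optional translation, otherwise ("clear", src): the packet is not
    encrypted and simply follows the routing table (here the default route).
    """
    src = ip_address(src)
    candidate = translate_source(src, binat)
    if match_selector(candidate, dst, phase2) is None:
        return "clear", src
    return "ipsec", candidate


def report(hosts, dst, phase2=PHASE2, binat=None):
    """Classify several LAN hosts towards one remote server; keyed by host."""
    return {h: classify(h, dst, phase2, binat) for h in hosts}


if __name__ == "__main__":
    hosts = ["192.168.0.50", "192.168.0.31", "10.175.69.10"]
    for label, p2, nat in [("as configured", PHASE2, None),
                           ("with NAT/BINAT", PHASE2, BINAT),
                           ("LAN as local selector", PHASE2_LAN, None)]:
        print(f"--- {label}")
        for host, (action, seen_as) in report(hosts, "10.64.3.46", p2, nat).items():
            print(f"{host:>14} -> 10.64.3.46 : {action:5} (peer sees {seen_as})")
```

Run as-is, the first block of output shows why a static route for 10.175.69.0/24 does not help LAN hosts: 192.168.0.50 is outside the 10.175.69.10/32 local selector, so its packets to 10.64.3.46 are sent in the clear along the default route and never enter the tunnel. The second block shows the many-to-one translation making every LAN host match, at the cost of the customer seeing only 10.175.69.10 (replies can only reach sessions the firewall has state for). The third block is the clean option if the customer agrees to 192.168.0.0/24 as the local network; whichever is chosen, the Phase 2 selectors on both ends must agree, and the LAN-side firewall rule must allow traffic to the remote servers' addresses rather than to 10.175.69.0/24.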