Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Routing to remote subnet via IPSEC that is peered to PFS by routing protocol

    IPsec
    1
    2
    143
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mountainlion
      last edited by

      Ok, I have a site to site vpn setup. I can successfully reach from 10 to 192 and from 192 to 10. I cant however reach to 172. 172 is a network on a separate router, connected via OSPF. the subnet of the 172 is in the lower PFS routing table.... however none of the Phase2 networks are in the routing table. So the 10 network is not being advertised to 172 router.

      I imagine I can create a static route on the 172 router, or I can advertise a default route from lower PFS... or make a static route on lower PFS and advertise connected... but I am uncertain of where the Phase 2 networks are being forwarded to....

      FW rules arent a factor here, wide open.
      I am sure this has been dealt with, anyone have a best practice?

      0_1544138137158_20181206_162658v2.jpg

      1 Reply Last reply Reply Quote 0
      • M
        mountainlion
        last edited by

        I did go to the 172 router and add a default route of the lower PFS... and it works, but there are a few PFS connected to each other off the lower PFS, all via OSPF. I didnt want to use static as if lower goes away, the static may blackhole and not use other ABR's.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post