Netgate Discussion Forum

Routing to remote subnet via IPSEC that is peered to PFS by routing protocol

    mountainlion
    last edited by Dec 6, 2018, 11:17 PM

    Ok, I have a site-to-site VPN set up. I can successfully reach from 10 to 192 and from 192 to 10. I can't, however, reach 172. 172 is a network on a separate router, connected via OSPF. The subnet of the 172 is in the lower PFS routing table... however, none of the Phase 2 networks are in the routing table. So the 10 network is not being advertised to the 172 router.

    I imagine I can create a static route on the 172 router, or I can advertise a default route from lower PFS... or make a static route on lower PFS and advertise connected... but I am uncertain of where the Phase 2 networks are being forwarded to....

    FW rules aren't a factor here, wide open.
    I am sure this has been dealt with. Anyone have a best practice?

      mountainlion
      last edited by Dec 7, 2018, 12:46 AM

      I did go to the 172 router and add a default route of the lower PFS... and it works, but there are a few PFS connected to each other off the lower PFS, all via OSPF. I didn't want to use static, as if lower goes away, the static may blackhole and not use other ABRs.
