Some doubts about IPsec VPN / tunnel configuration.
I have some doubts with IPsec configuration and Firewall Rules with IPsec:
- First.- I have configured an IPsec VPN to a remote firewall with NAT/BINAT and it works fine.
But I have a problem...
I can configure one Remote Network, and only one, in the second phase (Phase 2) of the IPsec configuration, but I need to reach several networks, for instance:
Remote Networks: 10.10.10.0/24, 172.18.18.0/24 and 192.168.20.0/24
If I configure each of these networks on its own, I can reach the hosts without problems. But how can I configure the firewall to reach all these networks at once?
The only thing that comes to mind now is, for instance:
- Configure one of the networks that I need to reach (10.10.10.0/24) as the Remote Network in the IPsec configuration.
- In that Remote Network there is a Gateway (10.10.10.254) that knows the networks 172.18.18.0/24 and 192.168.20.0/24.
- Add one Gateway (10.10.10.254) on the Local Firewall.
- Add two Static Routes sending the traffic for the desired networks to the Gateway added (10.10.10.254).
Do you know if this will work fine, or is it a wrong idea and is there another, better way to do this?
- Second.- When the IPsec VPN is UP, how can I block all traffic from the remote site to my local site through the VPN?
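An added example, not part of the post above, that models why a static route toward a gateway inside the tunnel does not extend a single Phase 2: with policy-based IPsec the SPD lookup is done on the packet's own source and destination addresses, so a packet for 172.18.18.5 still does not match a selector of 10.10.10.0/24 no matter which next hop the routing table picked. It assumes a policy-based (traffic-selector) IPsec implementation, a constructed local LAN of 192.168.1.0/24, and the three remote networks from the post; it also shows why one aggregated selector is not a usable shortcut for these prefixes.

```python
"""Which flows does a Phase 2 traffic selector actually protect? (illustration, not a firewall's code)"""
import ipaddress

LOCAL_NET = "192.168.1.0/24"                                      # constructed local LAN
REMOTE_NETS = ["10.10.10.0/24", "172.18.18.0/24", "192.168.20.0/24"]  # networks from the post


def build_spd(local_net, remote_nets):
    """One (local, remote) selector per Phase 2 entry, in the order configured."""
    local = ipaddress.ip_network(local_net)
    return [(local, ipaddress.ip_network(r)) for r in remote_nets]


def spd_lookup(spd, src, dst):
    """Return the first selector covering src->dst, or None.

    Only the packet's own addresses are compared; the next hop chosen by a
    static route is not part of the selector, so routing 172.18.18.x via a
    gateway in 10.10.10.0/24 does not make it match a 10.10.10.0/24 selector."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for local, remote in spd:
        if s in local and d in remote:
            return (str(local), str(remote))
    return None


def unprotected(spd, src, dst_nets):
    """Destination networks for which a packet from src matches no selector
    (such traffic is sent in clear or dropped, never encapsulated)."""
    missing = []
    for net in dst_nets:
        n = ipaddress.ip_network(net)
        if spd_lookup(spd, src, n.network_address + 1) is None:
            missing.append(str(n))
    return missing


def covering_prefix(nets):
    """Smallest single prefix that contains every network: what one aggregated
    Phase 2 would have to carry instead of one entry per network."""
    nets = [ipaddress.ip_network(n) for n in nets]
    agg = nets[0]
    while not all(n.subnet_of(agg) for n in nets):
        agg = agg.supernet()
    return str(agg)


if __name__ == "__main__":
    one_p2 = build_spd(LOCAL_NET, REMOTE_NETS[:1])     # the "single remote network" design
    print("not covered by one Phase 2:", unprotected(one_p2, "192.168.1.10", REMOTE_NETS))
    print("not covered by three Phase 2:", unprotected(build_spd(LOCAL_NET, REMOTE_NETS), "192.168.1.10", REMOTE_NETS))
    print("one selector covering all three would be:", covering_prefix(REMOTE_NETS))
```

With one Phase 2 the last two networks stay uncovered, with three entries nothing is left out, and the only single prefix covering all three is 0.0.0.0/0, which is why a separate Phase 2 (or a Phase 2 per remote network) is the usual answer rather than a route trick.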