Some doubts about IPsec VPN / tunnel configuration.

  • Hi everybody.

    I have some doubts with IPsec configuration and Firewall Rules with IPsec:

    • First.- I have configured an IPsec VPN with a remote firewall with NAT/BINAT and it works fine.

    But I have a problem...

    I can configure one Remote Network, and only one, in the second phase (Phase 2) of the IPsec configuration, but I need to reach several networks, for instance:

    Remote Networks:, and

    If I configure each of these networks, I can reach the hosts without problems. But how can I configure the firewall to reach all these networks at once?

    The only thing that comes to mind now is, for instance:

    • Configure one of the networks that I need to reach ( as the Remote Network in the IPsec configuration.
    • That in the Remote Network there is a Gateway ( that knows the networks and
    • Add one Gateway ( in the Local Firewall.
    • Add two Static Routes sending the traffic for the desired reachable networks to the added Gateway (

    Do you know if this will work fine, or is it a wrong idea and is there another, better way to do this?

    • Second.- When the IPsec VPN is up, how can I block all traffic from the remote site to my local site through the VPN?

    Best regards
