Some doubts about IPsec VPN / tunnel configuration.



  • Hi everybody.

    I have some doubts about IPsec configuration and firewall rules with IPsec:

    • First.- I have configured an IPsec VPN with a remote firewall with NAT/BINAT and it works fine.

    But I have a problem...

    I can configure one Remote Network, and only one, in the second phase (Phase 2) of the IPsec configuration, but I need to reach several networks, for instance:

    Remote Networks: 10.10.10.0/24, 172.18.18.0/24 and 192.168.20.0/24

    If I configure each of these networks, I can reach the hosts without problems. But how can I configure the firewall to reach all these networks at once?

    The only thing that comes to mind now is, for instance:

    • Configure one of the networks that I need to reach (10.10.10.0/24) as Remote Network in the IPsec configuration.
    • In that Remote Network there is a gateway (10.10.10.254) that knows the networks 172.18.18.0/24 and 192.168.20.0/24.
    • Add one gateway (10.10.10.254) on the local firewall.
    • Add two static routes sending the traffic for the desired networks to the added gateway (10.10.10.254).

    Do you know if this will work, or is it a bad idea and is there a better way to do this?

    • Second.- When the IPsec VPN is UP, how can I block all traffic from the remote site to my local site through the VPN?

    Best regards
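An added example, not part of the original post, of how both points are usually handled on a strongSwan-based firewall with a pf packet filter. The platform, the interface name `enc0`, the local network 192.168.1.0/24, the addresses 198.51.100.1 and 203.0.113.2 and the proposals are all assumptions. The reasoning behind it: with policy-based IPsec only packets that match a Phase 2 traffic selector are encrypted, so a static route pointing at a gateway behind the tunnel does not by itself make traffic for the other networks enter the tunnel. The usual answer is to list every remote network as a selector of the same connection. With IKEv2 strongSwan negotiates them as one CHILD_SA carrying several traffic selectors; with IKEv1 it brings up one Phase 2 per subnet pair automatically. Blocking traffic initiated by the remote site is then done on the IPsec (`enc0`) interface, where the decrypted inbound packets are filtered.

```conf
# /etc/swanctl/swanctl.conf  (strongSwan; assumed platform, example only)
connections {
    site-b {
        version = 2                     # IKEv2: several selectors in one CHILD_SA
        local_addrs  = 198.51.100.1     # assumed local WAN address
        remote_addrs = 203.0.113.2      # assumed remote peer address
        proposals = aes256gcm16-prfsha384-ecp384
        local {
            auth = psk
            id = 198.51.100.1
        }
        remote {
            auth = psk
            id = 203.0.113.2
        }
        children {
            lan-to-site-b {
                # one selector per remote network instead of one Phase 2 per network
                local_ts  = 192.168.1.0/24
                remote_ts = 10.10.10.0/24,172.18.18.0/24,192.168.20.0/24
                esp_proposals = aes256gcm16-prfsha384-ecp384
                start_action = trap     # install policies now, negotiate on first packet
            }
        }
    }
}
secrets {
    ike-site-b {
        id-b = 203.0.113.2
        secret = "replace-with-a-long-random-psk"
    }
}

# /etc/pf.conf fragment (assumed filter). Decrypted tunnel traffic passes the
# enc0 interface, so rules there see the plaintext flows. Block everything
# initiated from the remote site and allow only what the local side initiates;
# the state entry lets the replies back in.
remote_nets = "{ 10.10.10.0/24, 172.18.18.0/24, 192.168.20.0/24 }"
block in quick on enc0 from $remote_nets to 192.168.1.0/24
pass out quick on enc0 from 192.168.1.0/24 to $remote_nets keep state
```

The remote peer has to offer the mirror image of the same selectors (its local networks, our 192.168.1.0/24 as remote), otherwise the narrowed selector set will not cover all three networks. If the remote end really only accepts a single Phase 2 and the other networks sit behind a gateway there, the alternative is a route-based tunnel (a VTI/ipsec interface with 0.0.0.0/0 selectors), which is what makes static routes across the tunnel work; that is a different configuration from the policy-based one shown here.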

