Netgate Discussion Forum
    Exclude Multiple Subnets In IPSec

m3ds0:

      Hi mates,

I use IPSec so that some of my servers connect to the internet through IPSec.
When I create a PH2 for a specific IP and the tunnel comes up, everything works fine, but my other subnets cannot communicate with that server.
Is there any way to exclude my other subnets from these IPSec tunnels?

lfoerster:

Sorry, but this is confusing.
You say your subnets cannot work and you want to "exclude" them from communication? That makes no sense, because why would you additionally exclude subnets which cannot work? Excluding them means blocking them.
Or do you want to make them work with your servers?
That can be easily achieved by widening the remote subnet mask in PH2.
Suppose you have your local LANs all in the 10.1.x.y range with a 24-bit prefix (255.255.255.0); then just set the subnet mask to 16 bits, like 10.1.0.0/16.
That will route all networks in the 10.1.x.y range into the tunnel to your servers.
You can also add a static route, but this is the quick and dirty solution and not the best on virtual interfaces!

m3ds0:

Thank you for your reply.
Here's the scenario:
I have 4 subnets:

          1. LAN: 172.16.9.0/24
          2. MGMT: 172.16.121.0/24
          3. LAB1: 172.16.122.0/24
          4. LAB2: 172.16.123.0/24

I want to route internet traffic for one of my servers in "LAB2" through IPSec. When the tunnel comes up, the internet traffic for this server goes through the IPSec tunnel and works perfectly, but none of my machines in the other subnets can communicate with that server. I've tried everything in firewall rules, but no hope.
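As an added illustration of the scenario in the last post and of lfoerster's point about selector width (example code written for this page, not from the thread or from pfSense): a small model of policy-based IPsec selector matching. It assumes the "route the server's internet traffic" setup is a Phase 2 with the server's /32 as local selector and 0.0.0.0/0 as remote selector, that the narrowest matching selector pair wins (as strongSwan's per-prefix policy priorities behave), and it uses constructed addresses for the LAB2 server and a LAN host.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    local: str    # Phase 2 local selector (CIDR)
    remote: str   # Phase 2 remote selector (CIDR)
    action: str   # "tunnel" or "clear" (model label for a no-tunnel entry)


def matches(policy: Policy, src: str, dst: str) -> bool:
    """A packet matches when src is inside the local and dst inside the remote selector."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(policy.local)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(policy.remote))


def specificity(policy: Policy) -> int:
    # Narrower selector pairs have a larger combined prefix length.
    return (ipaddress.ip_network(policy.local).prefixlen
            + ipaddress.ip_network(policy.remote).prefixlen)


def lookup(policies, src: str, dst: str) -> str:
    """Action of the most specific matching policy; 'clear' when nothing matches.
    Assumption: the narrowest matching selector pair takes precedence."""
    hits = [p for p in policies if matches(p, src, dst)]
    if not hits:
        return "clear"
    return max(hits, key=specificity).action


SERVER = "172.16.123.10"   # constructed: the server in LAB2 (172.16.123.0/24)
LAN_HOST = "172.16.9.5"    # constructed: a machine in LAN (172.16.9.0/24)
INTERNET = "203.0.113.7"   # constructed: some internet host (TEST-NET-3)

# The poster's setup: one Phase 2 that sends all of the server's traffic into the tunnel.
OP_POLICIES = [Policy(f"{SERVER}/32", "0.0.0.0/0", "tunnel")]

# Same setup plus a narrower entry that keeps the server's traffic to the
# site's own 172.16.0.0/16 out of the tunnel (the "exclude" the poster asked for).
FIXED_POLICIES = OP_POLICIES + [Policy(f"{SERVER}/32", "172.16.0.0/16", "clear")]


def explain(policies) -> dict:
    """Where each leg of a LAN-to-server conversation and the server's internet traffic ends up."""
    return {
        "lan->server": lookup(policies, LAN_HOST, SERVER),
        "server->lan": lookup(policies, SERVER, LAN_HOST),
        "server->internet": lookup(policies, SERVER, INTERNET),
    }
```

With OP_POLICIES the request from LAN reaches the server in the clear but the reply is swallowed by the 0.0.0.0/0 selector, which is why firewall rules alone cannot fix it; with the narrower entry added, only the server's internet traffic takes the tunnel.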
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.