Netgate Discussion Forum

Exclude Multiple Subnets In IPSec

IPsec
3 Posts 2 Posters 312 Views
    m3ds0
    last edited by Dec 12, 2019, 7:33 PM

    Hi mates,

    I use IPSec to route some of my servers so that they connect to the internet through IPSec.
    When I create a PH2 for a specific IP and the tunnel comes up, everything works fine, but my other subnets cannot communicate with that server.
    Is there any way to exclude my other subnets from these IPSec tunnels?

      lfoerster
      last edited by Dec 19, 2019, 9:31 AM

      Sorry, but this is confusing.
      You say your subnets cannot work and you will "exclude" them from communication? Makes no sense, because why would you additionally exclude subnets which cannot work? Excluding them means blocking them.
      Or do you want to make them work with your servers?
      That can be easily achieved by widening the remote subnet mask in PH2.
      Suppose you have your local LANs all in the 10.1.x.y range with a 24-bit prefix (255.255.255.0); then just set the subnet mask to 16 bits, like 10.1.0.0/16.
      That will route all networks in the 10.1.x.y range into the tunnel to your servers.
      You can also add a static route, but this is the quick and dirty solution and not the best on virtual interfaces!

        m3ds0
        last edited by Dec 19, 2019, 10:35 AM

        Thank you for your reply,
        here's the scenario:
        I have 4 subnets:

        1. LAN: 172.16.9.0/24
        2. MGMT: 172.16.121.0/24
        3. LAB1: 172.16.122.0/24
        4. LAB2: 172.16.123.0/24

        I want to route internet traffic for one of my servers in "LAB2" through IPSec. When the tunnel comes up, the internet traffic for this server goes through the IPSec tunnel and works perfectly, but none of my machines in the other subnets can communicate with that server. I've tried everything in firewall rules, but no hope.
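As an added illustration of the scenario in this thread (not code from the thread, from pfSense or from strongSwan): a small Python model of a policy-based IPsec SPD, assuming the LAB2 server is 172.16.123.10 and the Phase 2 remote selector is 0.0.0.0/0 (neither value is given in the thread). It shows why every other local subnet loses contact with the server once the tunnel is up, and how more specific passthrough entries for those subnets (the kind strongSwan passthrough policies provide) keep that traffic out of the tunnel while internet-bound traffic still enters it.

```python
from ipaddress import ip_address, ip_network

# Constructed topology from the thread: four local subnets and one LAB2 server
# whose internet traffic should go through the tunnel. The server address
# 172.16.123.10 and the 0.0.0.0/0 remote selector are assumptions.
LOCAL_SUBNETS = {
    "LAN": ip_network("172.16.9.0/24"),
    "MGMT": ip_network("172.16.121.0/24"),
    "LAB1": ip_network("172.16.122.0/24"),
    "LAB2": ip_network("172.16.123.0/24"),
}
SERVER = ip_address("172.16.123.10")

def policy(local, remote, action):
    """One SPD entry: local selector, remote selector, 'ipsec' or 'pass'."""
    return (ip_network(local), ip_network(remote), action)

def lookup(spd, src, dst):
    """Action for a src->dst packet. A policy matches in either direction
    (the kernel installs out and in/fwd entries for each Phase 2) and the
    most specific selector pair wins, mirroring strongSwan's priorities.
    'ipsec' means the packet is steered into the tunnel (or, arriving in
    clear, dropped by the inbound policy); 'pass' is passthrough; 'plain'
    means no policy applies."""
    src, dst, best = ip_address(src), ip_address(dst), None
    for local, remote, action in spd:
        if (src in local and dst in remote) or (src in remote and dst in local):
            spec = local.prefixlen + remote.prefixlen
            if best is None or spec > best[0]:
                best = (spec, action)
    return best[1] if best else "plain"

def reachability(spd):
    """Where traffic between the server and a host in each other subnet ends
    up; subnets reported as 'ipsec' are the ones that cannot reach it."""
    return {name: lookup(spd, next(net.hosts()), SERVER)
            for name, net in LOCAL_SUBNETS.items() if name != "LAB2"}

# Phase 2 as described in the thread: everything from the server enters the tunnel.
BROKEN = [policy("172.16.123.10/32", "0.0.0.0/0", "ipsec")]

# Same Phase 2 plus passthrough entries for the other local subnets; the
# more specific match keeps server<->local traffic out of the tunnel.
FIXED = BROKEN + [policy("172.16.123.10/32", str(net), "pass")
                  for name, net in LOCAL_SUBNETS.items() if name != "LAB2"]

if __name__ == "__main__":
    print("without bypass:", reachability(BROKEN))
    print("with bypass:   ", reachability(FIXED))
```

Firewall rules cannot fix this because the decision is made by the SPD before filtering; the selectors themselves have to exclude the local subnets.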
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.