Masquerade two different local nets into IPSEC tunnel [solved]



  • Hi,

    I have setup an IPSec tunnel successfully setup but the remote end insists of us masquerading our IPs. That's what I also did, but we have actually two local subnets that we need to connect throught the tunnel to the remote site. One of it is a Roadwarrior's VPN.

    masq_pfsense_ipsec.png

    Do I have to add a second IPSec tunnel in order to achieve that?
    I tried to add a second phase 2 element to the IPSec tunnel but only one local net is able to connect through the tunnel.

    Thank you
    pfSense 2.4.4p3



  • Try using the split connection option, might be the other side needs that.



  • @wickeren
    That worked, thank you very much.



  • Hi, almost cross posting here ☺ . Because this need some visibility so other don't have to waste hours finding out that Cisco may needs this option with multiple phase 2 for a stable connection.

    Ref: https://forum.netgate.com/topic/132546/ipsec-phase2-problem-pfsense-checkpoint
    a slight hijack of this thread from me.

    Split Connection was the solution to my problems too. IKE2, multiple phase 2 and Cisco ASA don't play well together (single phase 2 had no problems). This particular connection has now bean stable, 14h and counting.

    Brgs,


Log in to reply