Masquerade two different local nets into IPSEC tunnel [solved]

  • Hi,

    I have setup an IPSec tunnel successfully setup but the remote end insists of us masquerading our IPs. That's what I also did, but we have actually two local subnets that we need to connect throught the tunnel to the remote site. One of it is a Roadwarrior's VPN.


    Do I have to add a second IPSec tunnel in order to achieve that?
    I tried to add a second phase 2 element to the IPSec tunnel but only one local net is able to connect through the tunnel.

    Thank you
    pfSense 2.4.4p3

  • Try using the split connection option, might be the other side needs that.

  • @wickeren
    That worked, thank you very much.

  • Hi, almost cross posting here ☺ . Because this need some visibility so other don't have to waste hours finding out that Cisco may needs this option with multiple phase 2 for a stable connection.

    a slight hijack of this thread from me.

    Split Connection was the solution to my problems too. IKE2, multiple phase 2 and Cisco ASA don't play well together (single phase 2 had no problems). This particular connection has now bean stable, 14h and counting.


Log in to reply