Masquerade two different local nets into IPSEC tunnel [solved]

junicast

Hi,

I have setup an IPSec tunnel successfully setup but the remote end insists of us masquerading our IPs. That's what I also did, but we have actually two local subnets that we need to connect throught the tunnel to the remote site. One of it is a Roadwarrior's VPN.

Do I have to add a second IPSec tunnel in order to achieve that?
I tried to add a second phase 2 element to the IPSec tunnel but only one local net is able to connect through the tunnel.

Thank you
pfSense 2.4.4p3

wickeren

Try using the split connection option, might be the other side needs that.

junicast

@wickeren
That worked, thank you very much.

iorx

Hi, almost cross posting here . Because this need some visibility so other don't have to waste hours finding out that Cisco may needs this option with multiple phase 2 for a stable connection.

Ref: https://forum.netgate.com/topic/132546/ipsec-phase2-problem-pfsense-checkpoint
a slight hijack of this thread from me.

Split Connection was the solution to my problems too. IKE2, multiple phase 2 and Cisco ASA don't play well together (single phase 2 had no problems). This particular connection has now bean stable, 14h and counting.

Brgs,