Netgate Discussion Forum

    Allow DMZ to access second IPsec site

      PL-EPI

      My knowledge of NAT and VIPs is somewhat limited so maybe what I'm hoping they can do isn't even a thing so feel free to turn me around and give me a simple "no". :)

      Is there a way to allow a server located in a DMZ to access a device located on the other side of an IPsec tunnel without having to add a Phase 2 on both sides?

      LAN: 192.168.100.0/24
      DMZ: 10.0.66.0/24
      Remote LAN: 192.168.200.0/24

      Server: 10.0.66.10
      Printer: 192.168.200.30

      Can NAT somehow make the server (DMZ) IP 10.0.66.10 look like it's coming from 192.168.100.199 so it can then go through the tunnel's existing Phase 2 and ping/send jobs to a printer on the remote side?

        viragomann @PL-EPI

        @PL-EPI said in Allow DMZ to access second IPsec site:

        > without having to add a Phase 2 on both sides?

        Why not? That's the proper way to go.

        If you are not able to add a second phase 2, you can try to cover both LAN and DMZ with only one.
        E.g. change the DMZ network to 192.168.101.0/24 and the phase 2 to 192.168.100.0/23.

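The single-Phase-2 suggestion in the reply above can be checked before renumbering anything. The following is an added example, not part of the original posts or of pfSense: it computes the smallest single selector that covers a set of local subnets, then reports whether that selector collides with the remote LAN and how much unrelated address space it would also admit into the tunnel. The function names `covering_selector` and `review_selector` are hypothetical; the addresses are the ones from the thread.

```python
import ipaddress


def covering_selector(local_nets):
    """Return the smallest single network that contains every local subnet."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    candidate = nets[0]
    # Widen the prefix one bit at a time until every subnet fits inside it.
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate


def review_selector(local_nets, remote_nets):
    """Summarise what a single covering Phase 2 selector would imply."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    selector = covering_selector(local_nets)
    # A local selector that overlaps the remote side cannot be routed sanely.
    overlaps = [r for r in remote_nets
                if selector.overlaps(ipaddress.ip_network(r))]
    # Addresses inside the selector that belong to none of the intended
    # subnets: space the tunnel policy would match beyond what was asked for.
    wanted = sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
    return {
        "selector": str(selector),
        "overlaps_remote": overlaps,
        "extra_addresses": selector.num_addresses - wanted,
    }


if __name__ == "__main__":
    remote = ["192.168.200.0/24"]
    # Layout from the question: LAN and DMZ share no useful common prefix.
    print(review_selector(["192.168.100.0/24", "10.0.66.0/24"], remote))
    # Layout from the reply: DMZ renumbered to sit next to the LAN.
    print(review_selector(["192.168.100.0/24", "192.168.101.0/24"], remote))
```

With the original DMZ addressing the only common selector is 0.0.0.0/0, which overlaps the remote LAN; with the DMZ renumbered to 192.168.101.0/24 the /23 covers exactly the two subnets and nothing else.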
          PL-EPI

          I do have it set up with a second Phase 2. I just thought there could be a better way to achieve the same result without having to go through each of the sites and adding a P2.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.