VPN IPsec with various Phases 2.



  • Hi everyone,

    I am trying to configure a VPN IPsec connection with various Phases 2:

    -----------------------------------------------------------------------------------------
     Local Net.               NAT/BINAT                Remote Net.
    -----------------------------------------------------------------------------------------
    10.10.0.0/16 -----> 192.168.1.0/24 -----> 10.100.10.0/24
    10.20.0.0/16 -----> 192.168.1.0/24 -----> 10.100.10.0/24
    10.30.0.0/16 -----> 192.168.1.0/24 -----> 10.100.10.0/24
    -----------------------------------------------------------------------------------------
    

    I presume that the Remote Peer is a Palo Alto Firewall, but I have no control over it.

    Well, I have configured the 3 Phases 2 in my pfSense.

    When I connect the Phase 1, it connects without problems, but of the Phases 2 in my pfSense, only the Phase 2 configured in first place connects and works, that is:

    -----------------------------------------------------------------------------------------
     Local Net.               NAT/BINAT                Remote Net.
    -----------------------------------------------------------------------------------------
    10.10.0.0/16 -----> 192.168.1.0/24 -----> 10.100.10.0/24
    -----------------------------------------------------------------------------------------
    

    If I leave enabled only one Phase 2, this Phase connects and works fine but I can't connect the three Phases 2 at once.

    I have spoken with the Remote Peer Admin and he tells me that he has only configured his Firewall to permit the NAT (192.168.1.0/24), but nothing for my 3 Phases 2.

    Does anyone know if he needs to configure something in his Firewall to permit connecting my 3 Phases 2 at once?

    I have another connection with about 10 Phases 2 connected without problems with another Remote Peer.

    Will the problem be on my side of the connection configuration?

    Regards,

    Ramsés

