Netgate Discussion Forum

IPsec routing between 3 networks.

  • operator2024
    last edited by Mar 20, 2021, 9:28 AM

    Hello guys.

    The network structure looks like this.

    Network A (192.168.88.0/24) -> IPsec -> Network B gateway (192.168.99.0/24) <- IPsec <- Network C (192.168.111.0/24)

    The task is as follows: from the address 88.115, access the address 111.103 on port 6666.

    IPsec in tunnel mode.
    I understand what needs to be done through NAT DST / SRC, but for some reason it does not work. Traffic in one direction comes back to the gateway (pfSense), but does not return to 88.115.

    Network B (pfSense) gateway

    How can this be done?

    • operator2024 @operator2024
      last edited by Mar 22, 2021, 5:04 PM

      @operator2024 The problem was resolved through the creation of an additional phase 2.

      • pfsense2090 @operator2024
        last edited by Apr 22, 2021, 9:28 AM

        @operator2024 Hi,
        I have the same situation: no matter what I do, I can't get a second phase 2 to come up when it uses a subnet that doesn't directly exist on a local interface.
        Could you please tell me what exactly you did so I can compare with my conf?

        In my case I have:
        Palo Alto --- IPsec ---- pfSense --- IPsec --- AWS

        pfSense --- IPsec ---- pfSense --- IPsec --- AWS

        Both don't work.
        Could you please help?

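The thread does not say which phase 2 entry was added. The following is an added example (not from either poster and not Netgate's code) that models policy-based phase 2 selector matching on the hub for the three subnets above, without NAT, and shows where the 88.115 to 111.103 round trip is dropped. The tunnel names and the `EXTRA` entries are assumptions: one common hub-and-spoke layout, in which the hub offers the other spoke's subnet as the local network on each tunnel.

```python
from ipaddress import ip_address, ip_network

# Hub (network B) phase 2 entries as (local, remote) pairs per tunnel.
# Subnets are from the thread; tunnel names and this layout are assumptions.
BASE = {
    "to_A": [("192.168.99.0/24", "192.168.88.0/24")],
    "to_C": [("192.168.99.0/24", "192.168.111.0/24")],
}
# Assumed "additional phase 2": on each tunnel the hub offers the other
# spoke's subnet as its local network.
EXTRA = {
    "to_A": [("192.168.111.0/24", "192.168.88.0/24")],
    "to_C": [("192.168.88.0/24", "192.168.111.0/24")],
}

def with_extra(base, extra):
    """Return a new config with the extra phase 2 entries appended."""
    return {t: base[t] + extra.get(t, []) for t in base}

def matches(p2s, tunnel, local_ip, remote_ip):
    """True if some phase 2 on `tunnel` covers local_ip <-> remote_ip."""
    l, r = ip_address(local_ip), ip_address(remote_ip)
    return any(l in ip_network(loc) and r in ip_network(rem)
               for loc, rem in p2s[tunnel])

def transit(p2s, src, dst, in_tunnel, out_tunnel):
    """Return the first hop at the hub that drops src -> dst, or 'ok'."""
    # Inbound: the sender is on the remote side, the target on the local side.
    if not matches(p2s, in_tunnel, dst, src):
        return f"no phase 2 on {in_tunnel} accepts {src} -> {dst}"
    # Outbound: the sender is now on the local side of the second tunnel.
    if not matches(p2s, out_tunnel, src, dst):
        return f"no phase 2 on {out_tunnel} carries {src} -> {dst}"
    return "ok"

def round_trip(p2s, a_host, c_host):
    """Check the request (A -> C) and the reply (C -> A) through the hub."""
    return {
        "request": transit(p2s, a_host, c_host, "to_A", "to_C"),
        "reply": transit(p2s, c_host, a_host, "to_C", "to_A"),
    }

if __name__ == "__main__":
    for name, cfg in (("base", BASE), ("with extra", with_extra(BASE, EXTRA))):
        print(name, round_trip(cfg, "192.168.88.115", "192.168.111.103"))
```

The spoke gateways need mirror-image entries (local and remote swapped), otherwise the additional phase 2 cannot be negotiated.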