IPSec - New Tunnel - Routing
-
Hi Folks:
We have a NetGate SG4860 at our corporate site. Our remote site blew (literally fried) a similar model. I replaced it with another device (a major market vendor).
I was able to configure an IPSEC Site-to-Site between my Corp Site and Remote Site (call them C and R.)
Within the Netgate, I can ping the remote R-subnets. The tunnel is up and is passing traffic.
However, my C LAN clients cannot reach the R LAN and vice versa.
Under PFSENSE->FW->Rules->IPSEC I have an allow all rule.
I have noticed that under DIAGNOSTICS->Routes that there is no entry for my remote subnets in the list.
However, under System-Routes->Static there is a route to the remote subnet to use the IPSEC VPN.
If I go to one of my LAN (C-subnet) servers and PING one of the Remote (R-subnet) devices, there's no response. The SYSTEM Log->Firewall never even shows a BLOCK or anything between my LAN device (172.16.0.3) and the remote device (192.168.10.5).
I'm pulling my hair out. Help would be greatly appreciated. I am unable to figure out why the LAN to REMOTE subnet routing isn't working, though the tunnel is up and the PFSENSE can PING the other side.
It's probably something stupid. Been at this all day trying to figure it out. My brain hurts.
-
You did add the correct remote network settings on the Phase2 entries, right??