Netgate Discussion Forum

IPSEC / VPN Routing Question…

  • S
    SystemSam
    last edited by Aug 4, 2006, 12:43 AM

    I feel dumb that I haven't figured this out - but things just aren't flowing tonight. I have the following setup:

    192.168.1.0/24 <pfsense> <------ IPSEC ------> <bizguardian> 10.10.9.1

    That works fine - traffic passes as expected...

    Now the trick is that there is a 10.10.11.0/24 subnet behind the 10.10.9.1 firewall that it knows about

    How do I tell pfsense to route all 10.10.11.0 traffic to the 10.10.9.1 box to handle? I've tried a static route and adding rules to allow 10.10.11.0 traffic to the lan...

    Any thoughts - sorry if it's a dumb question and I'm just missing it!!

    • SystemSam
    • H
      hoba
      last edited by Aug 4, 2006, 5:33 AM

      You need a second parallel tunnel for this, as the traffic you want to send through doesn't match the tunnel definition you already have. Add 2 identifiers at both ends to be used for this (as the tunnels will run between the same public IPs as endpoints). The second tunnel should have the definition for 192.168.1.0/24 <-> 10.10.11.0/24.
      Another (maybe in this scenario easier) solution is to change the subnet mask at the one end to 10.10.0.0/16. In both cases you need a static route at the pfSense located in the 10.10.9.0/24 subnet to the gateway to 10.10.11.0/24 subnet.

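Added example, not part of either post and not pfSense code: a small Python model of the policy lookup behind the answer above, showing why a static route alone does not put 10.10.11.0/24 traffic into the tunnel. It assumes the existing tunnel's remote network is 10.10.9.0/24; the host addresses and the names `spd` and `match_policy` are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

def spd(*pairs):
    """Build a policy list from (local_net, remote_net) tunnel definitions."""
    return [(ip_network(l), ip_network(r)) for l, r in pairs]

def match_policy(policies, src, dst):
    """Return the first (local, remote) definition covering the packet, else None.

    A policy-based IPsec tunnel only encrypts packets whose source AND
    destination fall inside a tunnel definition; the routing table is not
    consulted for this decision.
    """
    s, d = ip_address(src), ip_address(dst)
    for local, remote in policies:
        if s in local and d in remote:
            return (str(local), str(remote))
    return None

# Existing tunnel (remote network 10.10.9.0/24 is an assumption).
ORIGINAL = spd(("192.168.1.0/24", "10.10.9.0/24"))
# Option 1 from the answer: a second, parallel tunnel definition.
SECOND_TUNNEL = spd(("192.168.1.0/24", "10.10.9.0/24"),
                    ("192.168.1.0/24", "10.10.11.0/24"))
# Option 2 from the answer: widen the remote side to 10.10.0.0/16.
WIDENED = spd(("192.168.1.0/24", "10.10.0.0/16"))

# Constructed sample packets: (source host, destination host).
SAMPLES = [
    ("192.168.1.20", "10.10.9.50"),   # host on the directly attached remote net
    ("192.168.1.20", "10.10.11.5"),   # host on the subnet behind 10.10.9.1
    ("192.168.1.20", "10.10.200.5"),  # unrelated address inside 10.10.0.0/16
]

def report():
    """Map each config name to the policy (or None) chosen per sample packet."""
    configs = {"original": ORIGINAL, "second_tunnel": SECOND_TUNNEL,
               "widened": WIDENED}
    return {name: [match_policy(p, s, d) for s, d in SAMPLES]
            for name, p in configs.items()}

if __name__ == "__main__":
    for name, results in report().items():
        print(name)
        for (s, d), hit in zip(SAMPLES, results):
            print(f"  {s} -> {d}: {'tunnel ' + str(hit) if hit else 'no match'}")
```

The widened /16 definition also matches 10.10.200.5, so it carries more address space through the tunnel than the second /24 definition does; firewall rules on the IPsec interface are what limit that.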