[ipsec] LAN, OPT1, and OPT2 -> cisco pix
-
Right now I have a tunnel between the pfSense LAN and the LAN on the PIX and it's working fine. I now have a server on OPT1 (public class C) that needs to reach a server on the LAN on the PIX. I tried setting a static route and it doesn't work. Do I need to set up an IPsec tunnel for both OPT1 and OPT2? I should be able to just use the firewall's IP of OPT1 and OPT2 so the endpoint IPs differ (man, I can't wait till v2 with multiple subnets). The problem I see happening is I don't want to route all traffic through the VPN…
Let's say the local public IP the server has is 5.5.5.10 on OPT1. I want that server to talk to 192.168.40.10, which is on the remote end of the IPsec tunnel. If I set up the new IPsec tunnel between 5.5.5.0/24 and 192.168.40.0/24, then anything on the 192.168.40 network that wants to talk to anything on the 5.5.5.0 network will want to go through the tunnel, even if it's already open to the internet (like port 80, for example). That's not necessarily a bad thing, but I'd rather have it go through the internet if possible. Really, all connections should be originating from the 5.5.5.0 end, but I need to set up the access list so it matches all traffic for sending the return data back.
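The behaviour the post worries about comes from how policy-based IPsec picks "interesting" traffic: each Phase 2 entry on pfSense (or each crypto ACL line on the PIX) is a local/remote selector, and any packet whose source and destination fall inside a selector is steered into the tunnel regardless of static routes. The script below is an added example, not code from the post or from pfSense; it models that selector match with the addresses the post gives (5.5.5.0/24, 5.5.5.10, 192.168.40.0/24, 192.168.40.10), adds a couple of constructed hosts, and compares the proposed whole-subnet selector with a host-to-host (/32) selector that only covers the two servers. The policy lists and extra hosts are assumptions for illustration.

```python
from ipaddress import ip_address, ip_network

# Addresses from the post.
OPT1_NET = "5.5.5.0/24"        # public class C on OPT1
PIX_LAN = "192.168.40.0/24"    # LAN behind the PIX
SERVER_OPT1 = "5.5.5.10"
SERVER_PIX = "192.168.40.10"

# Option A (what the post proposes): one selector covering both whole subnets.
BROAD_POLICIES = [(OPT1_NET, PIX_LAN)]

# Option B (assumed alternative): a host-to-host selector, so only the two
# servers' traffic is "interesting" and everything else uses the Internet path.
NARROW_POLICIES = [(SERVER_OPT1 + "/32", SERVER_PIX + "/32")]


def mirror(policies):
    """The PIX side's crypto ACL must be the exact mirror of our selectors;
    a mismatch means return traffic is not matched and Phase 2 does not come up."""
    return [(remote, local) for local, remote in policies]


def classify(src, dst, policies):
    """Return 'tunnel' if (src, dst) falls inside any local->remote selector,
    otherwise 'internet'.  Static routes play no part in this decision."""
    s, d = ip_address(src), ip_address(dst)
    for local, remote in policies:
        if s in ip_network(local) and d in ip_network(remote):
            return "tunnel"
    return "internet"


# Constructed flows: the wanted server-to-server connection, its reply, and an
# unrelated web fetch (port 80 in the post) from another PIX-LAN host to a
# public OPT1 host.  192.168.40.55 and 5.5.5.80 are made up for the example.
FLOWS = {
    "server->server": (SERVER_OPT1, SERVER_PIX),
    "reply": (SERVER_PIX, SERVER_OPT1),
    "web from pix lan": ("192.168.40.55", "5.5.5.80"),
}


def evaluate(policies):
    """Classify each flow: the outbound flow against our selectors, the reply
    and the PIX-originated flow against the mirrored PIX selectors."""
    pix_side = mirror(policies)
    return {
        "server->server": classify(*FLOWS["server->server"], policies),
        "reply": classify(*FLOWS["reply"], pix_side),
        "web from pix lan": classify(*FLOWS["web from pix lan"], pix_side),
    }


if __name__ == "__main__":
    for name, pol in (("broad /24 <-> /24", BROAD_POLICIES),
                      ("narrow /32 <-> /32", NARROW_POLICIES)):
        print(name, evaluate(pol))
```

With the broad selector every flow between the two networks, including the web fetch, is classified as tunnel traffic; with the /32 pair only the two servers and their return traffic match, and the web fetch takes the Internet. The mirror() step is the part that matters for the access list question: both ends must agree on the selector exactly, so whatever subnet or host pair is chosen on pfSense has to appear reversed in the PIX crypto ACL.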