DMZ Access
-
We have two sites, both of which use a Draytek ADSL modem/firewall as the first layer of protection before a DMZ, where there is a pfSense box to actually provide content/virus etc. control.
The two pfSense boxes (1.2.3) have an IPsec VPN linking them, and it works GREAT! Our problem is trying to manage a web server that is on the DMZ of one site from within the LAN of the other site. We can see the "public" face of it but are unable to gain full access via the VPN. I am sure it is a simple(?) routing issue, but we seem unable to make it work. Suggestions/clues gratefully received.
Thanks
Andrew
-
You can't route IPsec, so it's really a question of IPsec Phase 2 settings.
You would either need two separate tunnels, one for each subnet present on the side with the DMZ network, or they would have to be close enough in numbering that you could just specify a subnet mask that would cover them both (but not the network at the other site).
Or just ditch the IPsec tunnel, put in OpenVPN site-to-site shared key, and route however you like without the headache of IPsec. :-)
It's easier on 2.0 with IPsec, though: you can just specify multiple networks under a single tunnel.
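The "close enough in numbering" option in the reply above boils down to an address-arithmetic check: find the smallest CIDR block that covers both the LAN and the DMZ on the DMZ side, and confirm that block does not also swallow the other site's network (or a Phase 2 selector there will claim traffic that should stay local). The following is an added example, not code from the original thread or from pfSense itself; the subnets in it are constructed (192.168.10.0/24 LAN, 192.168.11.0/24 DMZ, 192.168.20.0/24 remote LAN, plus a second set that deliberately does not collapse into a usable supernet). It prints the Phase 2 selector pairs you would configure: one pair per tunnel on 1.2.3, or one Phase 2 entry per pair under a single tunnel on 2.0.

```python
import ipaddress


def covering_supernet(nets):
    """Smallest single CIDR block that contains every network in `nets`.

    Works by widening the first network one prefix bit at a time until all
    of the others fit inside it. All inputs must be the same IP version.
    """
    nets = [ipaddress.ip_network(n, strict=True) for n in nets]
    block = nets[0]
    while not all(n.subnet_of(block) for n in nets):
        block = block.supernet()  # drop one prefix bit (/24 -> /23 -> /22 ...)
    return block


def plan_phase2(local_nets, remote_nets):
    """Return (mode, selector_pairs) for the DMZ side of the tunnel.

    mode is "supernet" when one block covers every local subnet without
    overlapping any remote subnet, otherwise "per-subnet" (a separate
    tunnel on pfSense 1.2.3, or a separate Phase 2 entry on 2.0, per pair).
    Each pair is (local selector, remote selector) as strings.
    """
    remotes = [ipaddress.ip_network(r, strict=True) for r in remote_nets]
    block = covering_supernet(local_nets)

    # The supernet is only usable if it does not also claim the far side's
    # address space; an overlap would send the remote site's own LAN
    # traffic into the tunnel instead of out its local interface.
    if any(block.overlaps(r) for r in remotes):
        pairs = [(str(ipaddress.ip_network(l)), str(r))
                 for l in local_nets for r in remotes]
        return "per-subnet", pairs

    return "supernet", [(str(block), str(r)) for r in remotes]


if __name__ == "__main__":
    # Constructed example 1: LAN and DMZ are adjacent /24s, so a /23 covers both.
    mode, pairs = plan_phase2(["192.168.10.0/24", "192.168.11.0/24"],
                              ["192.168.20.0/24"])
    print(mode, pairs)  # supernet [('192.168.10.0/23', '192.168.20.0/24')]

    # Constructed example 2: the only block covering .1.0 and .100.0 is
    # 192.168.0.0/17, which also contains the remote 192.168.2.0/24, so
    # the supernet option is out and each subnet needs its own Phase 2.
    mode, pairs = plan_phase2(["192.168.1.0/24", "192.168.100.0/24"],
                              ["192.168.2.0/24"])
    print(mode, pairs)
```

Whatever the script reports, the far side's Phase 2 settings must mirror it with local and remote swapped, and the pfSense box on the DMZ side still needs its firewall rules on the IPsec interface to permit the remote LAN to reach the web server's DMZ address rather than its public NAT address.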