Multiple IPsec tunnels to the same Gateway



  • I want to replace a Linksys RV016 with pfSense 2.0.  There are 5 IPsec tunnels supported by the Linksys to the same gateway, different subnets.  Actually, we are not allowed to connect to the subnets but only to specific IPs within their subnets (192.168.101.40, 192.168.102.40, 192.168.103.40, etc.).  The Linksys supports this, no other appliance does that I know of, and I thought pfSense 2.0 would.
    When I try to set up the second tunnel I get the error: "The remote gateway is already used by phase 1, 'description/name'".

    Is there a way to do this?



  • Hi,

    What do u wanna do? What device is on the remote site?

    There are 5 IPsec tunnels supported by the Linksys to the same gateway, different subnets

    ??? pfSense supports many^^ tunnels to the same gateway, depends on ur hardware. U can provide multiple phase 2 entries.

    Actually, we are not allowed to connect to the subnets but only to specific IPs within their subnets (192.168.101.40, 192.168.102.40, 192.168.103.40, etc…..).

    U can write it like this: 192.168.101.40/255.255.255.255 ;) U can use it as the remote subnet. BUT it's important to know what's defined on the remote site!

    cya



  • The device at the remote site is either Linksys or Cisco, I'm not sure.  They have an MPLS system connecting a home office and 6 satellite facilities.  We connect to their central gateway and specify an IP address for each tunnel (i.e. Tunnel#1= GW 97.67.xx.xxx, IP 192.168.101.40).
    In setting up pfSense IPsec tunnel, the GW and Preshared Key are in Phase 1, then the local and remote IPs are in Phase 2.
    In the Linksys we have a different Preshared Key for each tunnel (plus different local IPs)…. if they are all the same, maybe we could use one phase 1, and multiple phase 2s?

    Thanks!
    TC



  • You only need one phase 1 and multiple phase 2s.



  • Got it!
    ;D
    Thanks!
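
Added example, not part of the thread and not pfSense code: a planner that collapses a per-host tunnel inventory into one phase 1 per remote gateway with a list of phase 2 selector pairs. It flags differing preshared keys (one phase 1 carries one key) and any remote selector wider than a single host. The gateway address, key labels and local addresses are constructed placeholders; only the remote host IPs come from the thread.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory: one entry per old single-host tunnel. The gateway
# (documentation range), PSK labels and local addresses are placeholders.
TUNNELS = [
    {"gateway": "203.0.113.10", "psk": "key-1", "local": "10.0.0.11/32",
     "remote": "192.168.101.40/255.255.255.255"},
    {"gateway": "203.0.113.10", "psk": "key-2", "local": "10.0.0.12/32",
     "remote": "192.168.102.40/255.255.255.255"},
    {"gateway": "203.0.113.10", "psk": "key-3", "local": "10.0.0.13/32",
     "remote": "192.168.103.40/255.255.255.255"},
]


def plan(tunnels):
    """Return {gateway: plan} with one phase 1 and a phase 2 list per gateway."""
    grouped = defaultdict(list)
    for t in tunnels:
        grouped[t["gateway"]].append(t)

    plans = {}
    for gw, group in grouped.items():
        phase2, wide = [], []
        for t in group:
            # strict=True rejects selectors with host bits set (e.g. .40/24)
            local = ipaddress.ip_network(t["local"], strict=True)
            remote = ipaddress.ip_network(t["remote"], strict=True)
            pair = (str(local), str(remote))
            if pair not in phase2:
                phase2.append(pair)
            # Only single hosts are permitted on the far side in this scenario
            if remote.prefixlen != remote.max_prefixlen:
                wide.append(str(remote))
        plans[gw] = {
            "phase2": phase2,
            # One phase 1 carries one PSK, so differing keys must be reconciled
            "psk_conflict": len({t["psk"] for t in group}) > 1,
            "wider_than_host": wide,
        }
    return plans


if __name__ == "__main__":
    for gw, p in plan(TUNNELS).items():
        print(gw, "PSK conflict:", p["psk_conflict"])
        for local, remote in p["phase2"]:
            print("  phase 2:", local, "<->", remote)
```

A `psk_conflict` of `True` means the per-tunnel keys have to be agreed down to one with the remote side before the tunnels can share a phase 1.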

