Netgate Discussion Forum

IPsec to network with multiple gateways

  • R
    riaano
    last edited by Sep 9, 2011, 12:09 PM

    Hi,
    My network looks something like this:

    10.0.0.10 - 10.0.0.100  ----> 10.0.0.1 (pfsense with ipsec) ----> internet

    10.0.0.101 - 10.0.0.120  ----> 10.0.0.2 (pfsense without ipsec) ------> internet

    10.0.0.121 - 10.0.0.199 -----> 10.0.0.3 (pfsense without ipsec) ------> internet

    Now my remote side connects to 10.0.0.1 via IPsec with phase 1 and 2 identical on both sides.
    The remote side can access / connect / ping any of the machines in range 10.0.0.10 - 10.0.0.100 and vice versa, but not the other machines.

    jimp: you suggested adding additional phase 2 entries. I tried, but I'm not sure I'm doing it correctly... do I add the other phase 2 entries to point to a single address?

    Any other help will also be appreciated.

    Thanks

    • R
      riaano
      last edited by Sep 12, 2011, 9:42 AM

      Hi, I think I found my answer by playing around a bit.

      My remote network is 10.1.105.0/24. I then added a route on 10.0.0.2 --> route add -net 10.1.105.0 10.0.0.1 255.255.255.0
      Then I could access the machines running through gateway 10.0.0.2.

      I hope this might help someone else.

      Thanks,

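Why the static route in the second post works, as an added example that is not part of the original thread: it traces the reply path from a LAN host back to the remote network with a longest-prefix-match lookup on each gateway. The routing tables, the `wan-unencrypted` and `ipsec-tunnel` labels and the function names are constructed for illustration, assuming each non-IPsec pfSense box otherwise has only a default route.

```python
import ipaddress

# Constructed model of the thread's topology (assumption: the non-IPsec
# gateways start with nothing but a default route out of their own WAN).
REMOTE_NET = "10.1.105.0/24"   # remote side of the tunnel, from the thread
IPSEC_GW = "10.0.0.1"          # the only gateway holding the IPsec tunnel

def default_gateway(host):
    """Default gateway per LAN host range, as laid out in the first post."""
    last = int(host.split(".")[-1])
    if 10 <= last <= 100:
        return "10.0.0.1"
    if 101 <= last <= 120:
        return "10.0.0.2"
    if 121 <= last <= 199:
        return "10.0.0.3"
    raise ValueError("host outside the ranges in the thread")

def next_hop(table, dst):
    """Longest-prefix match over a list of (prefix, next_hop) routes."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def gateway_tables(with_static_route):
    """Routing tables of the two gateways that do not run IPsec."""
    tables = {gw: [("0.0.0.0/0", "wan-unencrypted")]
              for gw in ("10.0.0.2", "10.0.0.3")}
    if with_static_route:  # the route from the second post, on 10.0.0.2 only
        tables["10.0.0.2"].append((REMOTE_NET, IPSEC_GW))
    return tables

def reply_path(host, remote, tables):
    """Hops a reply from a LAN host takes towards a remote tunnel address."""
    gw = default_gateway(host)
    path = [host, gw]
    if gw != IPSEC_GW:
        gw = next_hop(tables[gw], remote)
        path.append(gw)
    if gw == IPSEC_GW:
        path.append("ipsec-tunnel")
    return path

if __name__ == "__main__":
    for fixed in (False, True):
        for host in ("10.0.0.50", "10.0.0.110", "10.0.0.150"):
            hops = reply_path(host, "10.1.105.20", gateway_tables(fixed))
            print("route added:", fixed, "|", " -> ".join(hops))
```

In this model the hosts behind 10.0.0.3 still send replies for 10.1.105.0/24 out the unencrypted WAN, because the route in the thread was added on 10.0.0.2 only.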