IPsec and DMZ

speedy-luis

Hello!

We have one headquarter and one branch office connected via IPsec-VPN. On both sites is pfSense. Tunnel is working fine.
My problem is to reach the DMZ in headquarter from branch office.

Do you have any ideas, why it doesn´t work.

Sorry for my bad english.

Greetz speedy

A Former User

Hello Speedy,

this can be a few things …
Can you give us more information about your config?

Can you ping a server in your dmz?
Did you check your firewall rules and the logs?
Is your routing working fine?

Greetings, Sanches

speedy-luis

Hello,

the problem is, that the branch office doesn´t have a route to DMZ in headquarter.

Here my configuration:

headquarter:
em0 –> WAN 217.x.x.10/29    gw--> 217.x.x.9/29
em1 --> LAN  192.168.4.1/24
em2 --> DMZ 192.168.5.1/24  gw--> 217.x.x.9/29

branch office:
em0 --> WAN 62.x.x.10/29      gw--> 62.x.x.9
em1 --> LAN 192.168.10.1/24

The tunnel is configured like this:

Phase1: Interface = WAN headquarter ; Remote Gateway = WAN-address branch office (and vice versa)
Phase2: Local Network = LAN subnet headquarter ; Remote Network = LAN address branch office (and vice versa)

I don´t know, how to configure the tunnel between DMZ headquarter und LAN subnet branch office.

Thank you for your help and sorry for my bad english.

Greetings

A Former User

Hello,

i thought, there is just 1 post, but http://forum.pfsense.org/index.php/topic,50914.0.html
It's the same, just in the german support.

We should close this one and keep going in the german one …

My german is also better  ;D

Greetings / Gruß

Sanches