Netgate Discussion Forum

    Phase2 entry with public remote subnet

      rubenc

      Hi,

      I'm facing a complicated problem. Already tried playing with routing and so on, but without luck.

      One of my IPsec tunnel's ph2 entries is defined to have, as remote subnet, a public /16 network. The tunnel has other ph2 entries with private remote subnets working properly. I suspect that somehow, as the remote subnet is public, it's not being caught by racoon... but I've found no reference at all for this particular setup. Maybe it just can't be done, I don't know...

      Any ideas?

      Thanks,

      Rubén.

      Hardware: SC1935 | WAN: em (PCIe) | LAN: bge (onboard) | RAM: 2Gb
      2.0-RC2-IPv6 (i386)
      built on Sat May 21 21:38:32 EDT 2011

        cmb

        Doesn't matter whether it's public or private, there is no concept of public or private IPs within IPsec, they're just IPs or networks that are all treated equally. A lot of VPNs use public IPs. As long as the traffic you want to go across matches the P2 local and remote networks, it'll work.

          rubenc

          That's what I thought… a network is a network. Ok, we'll continue debugging, thanks :)

            GroundX

            Have a check at the IPsec logs on each end and I'm sure you'll find the answer :)

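The matching rule cmb describes in the thread (traffic is tunneled when it fits a P2 entry's local and remote networks, public or not), as an added example that is not part of the original thread: a Python check of a flow against a list of P2 entries that reports which side failed to match. The entry names, subnets and addresses are constructed sample values, and returning the first matching entry is a simplification, not a description of racoon's own lookup.

```python
import ipaddress
from typing import NamedTuple, Optional


class Phase2(NamedTuple):
    name: str                        # hypothetical label for the entry
    local: ipaddress.IPv4Network     # P2 local network
    remote: ipaddress.IPv4Network    # P2 remote network


def p2(name: str, local: str, remote: str) -> Phase2:
    return Phase2(name, ipaddress.ip_network(local), ipaddress.ip_network(remote))


# Constructed sample entries: one private remote subnet, one public /16.
PHASE2 = [
    p2("p2-private", "192.168.10.0/24", "10.20.0.0/16"),
    p2("p2-public", "192.168.10.0/24", "198.51.0.0/16"),
]


def match_phase2(src: str, dst: str, entries=PHASE2) -> Optional[Phase2]:
    """Return the first entry whose local net holds src and remote net holds dst."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for entry in entries:
        # Pure prefix containment: nothing here distinguishes public from private.
        if s in entry.local and d in entry.remote:
            return entry
    return None


def explain(src: str, dst: str, entries=PHASE2) -> str:
    """Say which entry a flow matches, or which side kept it out of the tunnel."""
    hit = match_phase2(src, dst, entries)
    if hit:
        return f"match: {hit.name}"
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if not any(s in e.local for e in entries):
        return "no match: source outside every P2 local network"
    if not any(d in e.remote for e in entries):
        return "no match: destination outside every P2 remote network"
    return "no match: source and destination fit different P2 entries"


if __name__ == "__main__":
    for flow in [("192.168.10.5", "198.51.100.7"),   # public remote, matches
                 ("192.168.20.5", "198.51.100.7"),   # wrong source subnet
                 ("192.168.10.5", "203.0.113.9")]:   # destination not covered
        print(flow, "->", explain(*flow))
```

A "no match" result on the source side is the case to compare against the IPsec logs on each end: the packet never fits the P2 entry, so it is not sent through the tunnel.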