4. Slave not reachable through ipsec tunnel

Slave not reachable through ipsec tunnel

  • C

    Hi all,

    I have the following setup:

    WAN(/24): 10.0.0.1 (VIP)
    10.0.0.2 Master
    10.0.0.3 Slave

    LAN(/24): 192.168.0.1 (VIP)
    192.168.0.2 Master
    192.168.0.3 Slave

    The Tunnel is up and running IPSEC is using the wan vip interface. Ping from the remote network (192.168.1.0/24) to the vip and master LAN address is working, ping to slave is timing out. Any ideas?

    Regards,
    cartman

    0
  • Rebel Alliance Developer Netgate

    That is normal/expected.

    The slave believes it has a better path back via its own tunnel, even though it is down.

    To fix it, you'll need to be on manual outbound NAT and add a rule so it does NAT on the traffic from the VPN subnet going to the slave's IP, and vice versa. that way it appears to originate from the opposing firewall and not the VPN, so the traffic returns as expected.

    0
  • C

    Works like a charm! Thanks a lot  ;D

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy