Slave not reachable through ipsec tunnel
-
Hi all,
I have the following setup:
WAN(/24): 10.0.0.1 (VIP)
10.0.0.2 Master
10.0.0.3 SlaveLAN(/24): 192.168.0.1 (VIP)
192.168.0.2 Master
192.168.0.3 SlaveThe Tunnel is up and running IPSEC is using the wan vip interface. Ping from the remote network (192.168.1.0/24) to the vip and master LAN address is working, ping to slave is timing out. Any ideas?
Regards,
cartman -
That is normal/expected.
The slave believes it has a better path back via its own tunnel, even though it is down.
To fix it, you'll need to be on manual outbound NAT and add a rule so it does NAT on the traffic from the VPN subnet going to the slave's IP, and vice versa. that way it appears to originate from the opposing firewall and not the VPN, so the traffic returns as expected.
-
Works like a charm! Thanks a lot ;D
