Accessing both ends of ipsec tunnel using road warrior setup



  • Hello,

    I currently have the following ipsec tunnel set up between our datacenter and office, and it's working perfectly from either end.

    DC: 10.10.10.0/24 network (LAN), 192.168.1.0/24 network (DMZ)
    Office: 10.1.10.0/24 network (LAN)

    I can get access to any devices on any network, as long as we're physically on one of the three networks.  No problems.

    I also set up a road warrior access setup going into our office network.  When you're connected using a VPN client, you can access anything on the office network.  No problems there.

    The problem is that you can't reach the other end of the tunnel when remoted in;  I can't get to any of the datacenter equipment when VPN'd in to the office.  This is likely some kind of routing or gateway issue, but I'm not familiar enough with ipsec to really know what I'm doing wrong here.  I'd like this setup, as we'd be able to properly lock down our datacenter ports to remove any possible outside entry from anywhere but the office.

    Any help would be greatly appreciated, and if you need any more info to make sense of this setup, let me know!



  • Bump.  This doesn't seem like a hard question, I just need a little assistance.



  • Last bump, I was able to resolve this, so I figured I'd leave the solution in case it helps anyone else in the future.

    The issue, as suspected, was routing:  packets didn't know, once they left the office through ipsec, how to get back.  I needed to go back into the ipsec setup and pass the new OpenVPN virtual tunnel subnet through as additional phase2 entries.  Once I did this, everything started working smoothly, and we no longer have problems.