Am I missing anything about setting up a server at a colo?

  • I'm going to move my SBS2011 to a colo.  At the colo I'll have a pfSense 2.1 x64 and at the home office I have another, identical pfSense 2.1 x64.

    At the moment I have both pfSense boxes in the same physical location.  The existing home pfSense has been running fine and I am setting up an IPsec tunnel between the two.

    I've set up the tunnel and created a pass-everything rule in Firewall > Rules > IPsec (on both pfSense firewalls).  In the new pfSense firewall, the one going to the colo, I have set up NAT for the typical SBS ports being used (25, 443, 987, and 4125) on the WAN, and I have a pass-everything rule for LAN.

    Am I going to be able to have access to my server as though it were "local" or am I missing something critical?  My goal is to have the tunnel working such that all local requests to the SBS server are transparently handled.  SBS will be handing out DHCP IP addresses, it will do DNS, etc… it will just be in a different physical location.

    I would like all internet browsing to go through the local/home pfSense, not going up the VPN tunnel and exiting the colo.  I think for that I just change the gateway address on the SBS to the IP address of the local pfSense.

    The docs on pfSense relating to IPsec seem to be for v1.2.3 - helpful but not everything carries across.

    home LAN:
    colo LAN: