4. IPsec site to site and multiple networks

IPsec site to site and multiple networks

  • F

    Hi good people!

    I do not have any experience configuring IPSec tunnels.

    From what I have read I understand that I must create as many phase 2 as necessary to include non summariazable networks.

    Why does this have to be this way? Is this pfsense specific or just the way IPSec works?

    I saw some videos about fortinet and other vendors where it was only necessary to create routes.

    Thank you!

    0
  • Rebel Alliance Developer Netgate

    It's necessary in most every IPsec device but the methods are different.

    Some define the Phase 2 networks as we do. Ethers define them using ACLs, policies, or "routes" of sorts – no matter what you need to have a list of networks to allow on your side and IPsec destinations on the far side. Some try to automate or hide parts of it, but it makes diagnosing tunnel issues much more difficult than it needs to be.

    In the future it may be simplified somewhat by using aliases for Phase 2 networks, but that isn't possible yet.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy