IPSEC to IPSEC Link Over PfSense - LAN to Remote DMZ Access?



  • How can I configure PfSense to allow the DMZ segments to communicate or one Private LAN segment to a DMZ segment to communicate?
    I’d like to be able to RDP from the LAN to the DMZ for remote server management.  Currently I have to RDP to a server in the remote LAN segment and then RDP into that segment's DMZ.

    Please reference the attached diagram for additional information!

    Thanks,
    Jeff
    ![Kenosha-Charleston PfSense Diagram.jpg](/public/imported_attachments/1/Kenosha-Charleston PfSense Diagram.jpg)



  • One Option
    You need, for example, two tunnels:

    LAN --> LAN --> with phase 1 = User FQDN => lan@ipsec.de (any fantasy FQDN)
    LAN --> DMZ --> with phase 1 = User FQDN => dmz@ipsec.de (any fantasy FQDN)

    But for me this does not run in main mode, only in aggressive....

    Greetings
    Heiko
    P.S. thx hoba



  • I'll give this a shot!!!  Update…  That worked perfectly!

    Awesome!!!

    @heiko:

    One Option
    You need, for example, two tunnels:

    LAN --> LAN --> with phase 1 = User FQDN => lan@ipsec.de (any fantasy FQDN)
    LAN --> DMZ --> with phase 1 = User FQDN => dmz@ipsec.de (any fantasy FQDN)

    But for me this does not run in main mode, only in aggressive....

    Greetings
    Heiko
    P.S. thx hoba

