Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Route from one ipsec to another

    Scheduled Pinned Locked Moved IPsec
    3 Posts 2 Posters 734 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      totalimpact
      last edited by

      Is it possible to have a router connect 1 ipsec site to another like so:

      subnet 1 > remote ipsec 1 >>>>>>> main office >>>> remote ipsec b > subnet b

      I need remote subnet b to have connectivity to remote subnet 1, but it has to tunnel through the main office, is this possible?

      would this use the binat setting?

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        Yes it's possible. No, don't use NAT. Just add matching P2s so site B sends site A's subnet via its main office connection, same for site A with site B's subnet.

        1 Reply Last reply Reply Quote 0
        • T
          totalimpact
          last edited by

          Yes, I already tried that, SAs come up green, but cant move traffic.

          I have Main office, and new satellite office B,

          For a long time at the main office, I have had 2 ipsec VPNs to 2 vendor networks: Site1, Site2, I wish OfficeB could access devices on these vendor networks, but it can only ping the main office, the main office has no trouble pinging everyone…. some sort of routing problem?

          This is the main office side:

          Then the satellite office:

          I should be able to ping 10.1.x.51 from officeB, but it only works at the main.

          I am also using manual out NAT, do I need to create rules for the ipsec interfaces? Which interface would the rule apply to?

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.