Two networks routing to their own internal VPN
entizer last edited by
Our network is configured in a way that we have two physical separate networks. Up until recently, they were always kept separate but I am now attempting to integrate them some and we now have a VPN to our corporate offices.
I am planning on using pfSense to replace our gateway software and make our complexity a little more simple.
Currently we have the two networks and they both connect via their own port to a Sonicwall T215, which I have setup rules for the firewall to permit traffic we see fit, as well as our site-to-site VPN to our corporate offices.
My plan was to setup pfSense to have a static route for each network that would point to their respective Sonicwall port, thus I could have one gateway to control both networks. However, it seems that you can only setup duplicates route for each interface.
So, knowing that this was not possible, I attempted to setup a route that all the traffic would go through. This would still be sufficient, data would still get to the Sonicwall and firewall rules would still take effect. However, I have found that I can only get to our VPN/remote networks for the network that the static route is applied to, by changing the gateway device.
10.10.11.253 / \ 10.10.11.254
VPNs Networks–--------SonicWall pfSense-------------Internet
192.168.1.0/24 10.10.10.253 _10.10.10.0/24__/ 10.10.10.254
These are the two static routes I can create but cannot have them in at the same time, so only one works at a time. However, when one is in place, that side functions fine but the other does not. I'm not sure what I am missing.
Static Route 192.168.1.0/24 via 10.10.11.253
Static Route 192.168.1.0.24 via 10.10.10.253
Hopefully the above diagram will help understand. The pfSense would have route(s) to the VPN networks via the Sonicwall. Right now I can only get one side to work at a time when I set the route to it's own gateway that is located on it's network. I have opened all traffic between the networks, so each LAN can contact each other.
I'd prefer not to have to setup our networks with an individual pfSense on each.
Thanks for any help that can be provided.