Central Office - Two Sattelite Offices - IPSec
-
Hello,
I have a central office which has an IPSec tunnel to both of our satellite offices.Satellite 1: 10.1.X.X
|
|
Central Office: 192.168.200.X
|
|
Satellite 2: 10.2.X.XThe tunnels work just fine when communicating between either satellite and the central office. What I want to achieve now is have Sat1 be able to route packets to Sat2 using the Central Office as the gateway to the other. I have tried adding a static route on Sat1 and Sat2, but to no avail. I simply get a response from the local router that the destination host is unreachable.
Anyone have any input here on how to achieve this? I am using PFSense 1.2
Thanks,
Geoff -
Yeah you will need to manually add static routes to get it route through the main office gateway.
If you get stuck just manually set another ipsec tunnel between both satellites, it isnt the best way to do things but it works fine (in theory)
-
Not only in theory, the third tunnel between the satellites works fine. I have this setup running because the 2 satellite offices have actual satellite connections to the main office. The direct connection over a second WAN has a much better response time.
Setting up rules requires a bit more attention. -
I've got the same situation. I'm not very good at the routing tables, does anyone know the commands I would use to make this example route work?
TIA,
Darren -
The tunnel takes care of the routing between the sites of the tunnel. the network 10.1.x.x will know where to find 192.168.200.X. For the 10.2.x.x network you will need to add a static route (no commands just add it in static routes in the GUI) it should look like: subnet 10.1.x.x /16 gateway central office.
Do the same on the 10.2.x.x end and make sure that the rules allow the traffic!