Netgate Discussion Forum

    Route traffic between IPSEC vpns

      joelserrano

      Hi,

      Is it possible to route traffic between two different IPSEC vpns?

      This is my setup:

      LOCAL                        REMOTE
      VPN1: 192.168.30.0/24 <-> 10.0.0.0/16 (site-to-site)
      VPN2: 192.168.50.0/24 <-> 192.168.30.0/24 (mobile client)

      Both VPNs work as expected.

      I would like to access 10.0.X.X from 192.168.50.X. If, for example, I send a ping from 192.168.50.1 to 10.0.0.1, the traffic tries to go through the WAN as if 10.0.0.1 was a public IP.

      Is there a way of achieving this? I suppose I will need a NAT rule to make traffic from 192.168.50.X appear with a 192.168.30.X when going to 10.0.X.X.

      Any hints?

      Thanks!
      Joel.

        johnsonp

        Hi There

        I'm no expert, but we had this same scenario and this solved it for me - add another Phase 2 to your site-site network in which you specify your mobile IPSec range as local.  And the same on the other side of your site-site tunnel.

        Hope this helps!
        Peter

          joelserrano

          Hi PeterJ, thank you for your answer. I'm going to try that tonight and get back with results.

          Best regards,
          Joel.

            joelserrano

            Just FYI:

            I was able to test it right away and it works perfectly. After adding another P2 on both endpoints, I can connect with my mobile client to my home VPN, and from there access the LAN of the site-to-site VPN.

            Thanks for your suggestion!

            Best regards,
            Joel.

              johnsonp

              Glad to have helped

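The fix confirmed in this thread, as a small selector check added here (not written by the posters and not pfSense code): it models each endpoint's site-to-site Phase 2 entries as (local, remote) network pairs and shows why 192.168.50.x to 10.0.x.x misses the tunnel until a mirrored entry exists on both sides. The endpoint labels `home` and `site` and all function names are assumptions of this example, and it assumes the mobile client's traffic for 10.0.0.0/16 already reaches the home gateway.

```python
from ipaddress import ip_address, ip_network

# Site-to-site Phase 2 entries per endpoint as (local, remote) networks.
# Subnets are from the thread; "home"/"site" are labels assumed here.
ORIGINAL = {
    "home": [("192.168.30.0/24", "10.0.0.0/16")],
    "site": [("10.0.0.0/16", "192.168.30.0/24")],
}
# The fix from the thread: an extra Phase 2 for the mobile range, both sides.
FIXED = {
    "home": ORIGINAL["home"] + [("192.168.50.0/24", "10.0.0.0/16")],
    "site": ORIGINAL["site"] + [("10.0.0.0/16", "192.168.50.0/24")],
}
# Failure mode: the extra Phase 2 added on one endpoint only.
ONE_SIDED = {"home": FIXED["home"], "site": ORIGINAL["site"]}

TUNNELLED = "tunnelled"
NO_POLICY = "no Phase 2 match: packet follows the routing table (WAN)"
NO_MIRROR = "home matches, but site has no mirrored Phase 2"

def matches(selectors, src, dst):
    """True if src -> dst falls inside one (local, remote) selector pair."""
    s, d = ip_address(src), ip_address(dst)
    return any(s in ip_network(l) and d in ip_network(r) for l, r in selectors)

def flow_status(p2, src, dst):
    """Classify a flow that enters the tunnel at home and exits at site."""
    if not matches(p2["home"], src, dst):
        return NO_POLICY
    # The site endpoint sees the same flow with local/remote swapped.
    return TUNNELLED if matches(p2["site"], dst, src) else NO_MIRROR

def missing_mirrors(p2):
    """Entries on one endpoint with no swapped counterpart on the other."""
    nets = {k: {(ip_network(l), ip_network(r)) for l, r in v} for k, v in p2.items()}
    gaps = []
    for a, b in (("home", "site"), ("site", "home")):
        gaps += [(a, str(l), str(r)) for l, r in sorted(nets[a]) if (r, l) not in nets[b]]
    return gaps

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("one-sided", ONE_SIDED), ("fixed", FIXED)):
        print(name, "->", flow_status(cfg, "192.168.50.1", "10.0.0.1"), missing_mirrors(cfg))
```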