Wow, quite a long setup, but after thinking through this, it all makes sense! Thanks for the reply.

Brad
On Wednesday 07 June 2006 15:57, Holger Bauer wrote:
> You need parallel tunnels for both connections to work (explanation why at the bottom):
>
> At remote Site 1:
>
> Tunnel1 to corefirewall:
> local subnet: LAN
> remote subnet: LAN subnet of Corefirewall
>
> Tunnel2 to corefirewall:
> local subnet: LAN
> remote subnet: LAN of Remote Site 2 (!)
>
> -----------------------------------------------
> Same for remote Site 2:
>
> Tunnel1 to corefirewall:
> local subnet: LAN
> remote subnet: LAN subnet of Corefirewall
>
> Tunnel2 to corefirewall:
> local subnet: LAN
> remote subnet: LAN of Remote Site 1 (!)
>
> ------------------------------------------------
> Corefirewall:
>
> Tunnel1 to remote Site 1:
> local subnet: LAN
> remote subnet: LAN subnet of remote Site 1
>
> Tunnel2 to remote Site 1:
> local subnet: LAN of remote Site 2 (!)
> remote subnet: LAN of Remote Site 1
>
> Tunnel3 to remote Site 2:
> local subnet: LAN
> remote subnet: LAN subnet of remote Site 2
>
> Tunnel4 to remote Site 2:
> local subnet: LAN of remote Site 1 (!)
> remote subnet: LAN of remote Site 2
>
> ------------------------------------------------
>
> To be able to divide the parallel tunnels, as they run between the same public IPs, you need to work with unique identifiers for the tunnels. Create a set of preshared keys for the tunnels.
>
> Btw, this doesn't work for a mobile client setup, as you can't set more than one local subnet at the static end.
>
> So why is it complicated like this? Traffic with destination remote site 2 doesn't match the tunnel definition you have between remote site 1 and corefirewall, so the traffic won't be encapsulated into the tunnel but goes out your real WAN. Static routes can't fix this.
>
> Will this change in an upcoming version of pfSense? I hope so, but for version 1.0 it has to be done this way.
>
> Holger
>
> -----Original Message-----
> > From: Bill Marquette [mailto:[EMAIL PROTECTED]]
> > Sent: Wednesday, June 07, 2006 7:56 PM
> > To: support@pfsense.com
> > Subject: Re: [pfSense Support] IPSEC Firewall Rules
> >
> > Not sure that we enable tunnel to tunnel routing. Not sure if there's an option either, but that's what I'd look for.
> >
> > --Bill
> >
> > On 6/7/06, Brad Bendy <[EMAIL PROTECTED]> wrote:
> > > Hello,
> > >
> > > I have a setup as follows:
> > > Core-Firewall
> > > - -
> > > - -
> > > - -
> > > Remote-Site-1 Remote-Site-2
> > >
> > > From the Core I can ping both remote sites, no problems. But I cannot get traffic (ICMP or TCP/UDP) from remote-site-2 to remote-site-1. All 3 firewalls have the default LAN rules as allow all from LAN subnet, to all others. On the Core firewall, I also added a rule where the source subnet is allowed to all other subnets.
> > >
> > > Any clue what causes this, something else that I am missing?
> > >
> > > Any help would be great.
> > >
> > > Thanks!
> > > Brad
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
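Holger's explanation boils down to IPsec selector matching: a packet only gets encapsulated when some phase-2 entry's local/remote subnet pair covers its source and destination, and anything that matches nothing is handed to the normal routing table and leaves via the WAN. The model below, an added example and not pfSense code from the thread or the project, replays that rule over the hub-and-spoke layout so you can check which spoke-to-spoke flows are covered before and after the parallel tunnels are added, and which peers end up with more than one tunnel (and therefore need distinct identifiers and pre-shared keys, as Holger notes). The prefixes, peer labels and tunnel names are constructed for illustration; the thread never gives real addressing.

```python
"""Model of IPsec phase-2 selector matching for the hub-and-spoke layout in
the thread. Added example: not pfSense code; addresses are constructed."""
import ipaddress
from typing import Dict, List, NamedTuple, Optional, Tuple

IPv4Net = ipaddress.IPv4Network


class Tunnel(NamedTuple):
    name: str       # constructed label, mirrors "Tunnel1".."Tunnel4" in the thread
    peer: str       # constructed label for the public endpoint of the tunnel
    local: IPv4Net  # local subnet of the phase-2 selector
    remote: IPv4Net # remote subnet of the phase-2 selector


def net(cidr: str) -> IPv4Net:
    return ipaddress.IPv4Network(cidr)


# Constructed prefixes (assumption: the thread gives none).
CORE_LAN = net("10.0.0.0/24")
SITE1_LAN = net("10.1.0.0/24")
SITE2_LAN = net("10.2.0.0/24")


def site1_policy(parallel: bool) -> List[Tunnel]:
    """Selectors at remote Site 1. parallel=False is the original single
    LAN<->core tunnel; parallel=True adds Holger's second tunnel whose
    remote subnet is the Site 2 LAN."""
    pol = [Tunnel("Tunnel1", "core", SITE1_LAN, CORE_LAN)]
    if parallel:
        pol.append(Tunnel("Tunnel2", "core", SITE1_LAN, SITE2_LAN))
    return pol


def core_policy(parallel: bool) -> List[Tunnel]:
    """Selectors at the core firewall (hub). The parallel entries use the
    other spoke's LAN as the *local* subnet, exactly the (!) lines above."""
    pol = [
        Tunnel("Tunnel1", "site1", CORE_LAN, SITE1_LAN),
        Tunnel("Tunnel3", "site2", CORE_LAN, SITE2_LAN),
    ]
    if parallel:
        pol += [
            Tunnel("Tunnel2", "site1", SITE2_LAN, SITE1_LAN),
            Tunnel("Tunnel4", "site2", SITE1_LAN, SITE2_LAN),
        ]
    return pol


def match_selector(policy: List[Tunnel], src: str, dst: str) -> Optional[str]:
    """Name of the first tunnel whose selector covers src->dst, or None when
    the packet would bypass IPsec and be routed out the real WAN."""
    s, d = ipaddress.IPv4Address(src), ipaddress.IPv4Address(dst)
    for t in policy:
        if s in t.local and d in t.remote:
            return t.name
    return None


def unprotected_flows(policy: List[Tunnel],
                      flows: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Flows that no selector covers: the ones a defender must either add a
    tunnel for or block at the WAN so they never leave in clear."""
    return [f for f in flows if match_selector(policy, f[0], f[1]) is None]


def peers_with_parallel_tunnels(policy: List[Tunnel]) -> Dict[str, List[str]]:
    """Peers that terminate more than one tunnel between the same public IPs;
    each of these needs unique identifiers / separate pre-shared keys."""
    by_peer: Dict[str, List[str]] = {}
    for t in policy:
        by_peer.setdefault(t.peer, []).append(t.name)
    return {p: names for p, names in by_peer.items() if len(names) > 1}


if __name__ == "__main__":
    spoke_to_spoke = [("10.1.0.5", "10.2.0.7"), ("10.2.0.7", "10.1.0.5")]
    print("site1, single tunnel :", unprotected_flows(site1_policy(False), spoke_to_spoke[:1]))
    print("site1, parallel      :", unprotected_flows(site1_policy(True), spoke_to_spoke[:1]))
    print("core, single tunnels :", unprotected_flows(core_policy(False), spoke_to_spoke))
    print("core, parallel       :", unprotected_flows(core_policy(True), spoke_to_spoke))
    print("needs unique IDs     :", peers_with_parallel_tunnels(core_policy(True)))
```

Running it shows the Site 1 to Site 2 flow unmatched under the single-tunnel policy and matched by Tunnel2 once the parallel selector exists, and the core reporting both spoke peers as carrying two tunnels. The same coverage check is a useful habit for any hub-and-spoke IPsec design: enumerate every LAN pair you expect to be protected and confirm each direction hits a selector on every hop, since a miss is silent at the IPsec layer and only shows up as clear-text traffic on the WAN.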