On Tue, Sep 22, 2009 at 12:46 PM, Evgeny Yurchenko <[email protected]> wrote:
> Then sorry Scott, I do not understand your statement: "Traffic on the
> firewall itself prefers the system routing table. Clients behind the
> firewall will prefer the IPSEC tunnel."
> In my case traffic initiated on the firewall itself goes over the tunnel,
> client behind firewall goes over normal routing table/nat while it must go
> over the tunnel. And I've almost broken my head trying to understand why.

Sorry, I meant when you are pinging from the firewall itself. Double check your subnet information. This should work and I know folks running IPSEC on PPPoE hosts. If you continue to have problems we need more information such as the IPSEC SPD/SAD entries.

Scott
