Hi,
I have a really annoying problem that I am trying to resolve. Assume the
following subnets.
Site A Internal: 10.10.0.0/16
Site B Internal: 10.50.0.0/16
Site B DMZ: x.y.z.0/24 (where this is a valid public subnet).
I have an IPsec VPN set up. The first phase 2 entry allows 10.10.0.0/16
and 10.50.0.0/15 to talk. This works perfectly.
I then made a second phase 2, to allow 10.10.0.0/16 and x.y.z.0/24 to
communicate using the tunnel. This worked OK too.
The problem I'm having is that I have a handful of IPs spread out
randomly on site B DMZ that I need to exclude from the tunnel.
My current method of doing this is to split the phase 2 into 10
different entries, so that I work around the IPs. This is very painful
to manage, and if a new IP gets added, then I need to break the VPN
again while I rework the phase 2 entries. Is there a better solution
for this?
I can upgrade to 2.1 if that resolves this.
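
The split described in the post (one DMZ phase 2 broken into several entries that step around the excluded addresses) can be computed instead of worked out by hand. This is an added example, not part of the original post: 203.0.113.0/24 stands in for x.y.z.0/24, the excluded addresses are constructed, and the function names are hypothetical.

```python
import ipaddress


def split_around(network, excluded):
    """Return the CIDR blocks that cover `network` minus every entry in `excluded`."""
    blocks = [ipaddress.ip_network(network)]
    for entry in excluded:
        hole = ipaddress.ip_network(entry)  # a bare address parses as a /32
        remaining = []
        for block in blocks:
            if block.subnet_of(hole):
                continue  # block lies entirely inside the exclusion: drop it
            if hole.subnet_of(block):
                # address_exclude yields the sibling blocks around the hole
                remaining.extend(block.address_exclude(hole))
            else:
                remaining.append(block)  # exclusion does not touch this block
        blocks = remaining
    return sorted(ipaddress.collapse_addresses(blocks))


def phase2_pairs(local, remote, excluded):
    """Return (local, remote) subnet pairs, one per phase 2 entry needed."""
    return [(local, str(block)) for block in split_around(remote, excluded)]


# Constructed sample input: documentation range in place of the real DMZ.
SITE_A = "10.10.0.0/16"
SITE_B_DMZ = "203.0.113.0/24"
EXCLUDED = ["203.0.113.10", "203.0.113.200"]

if __name__ == "__main__":
    for local, remote in phase2_pairs(SITE_A, SITE_B_DMZ, EXCLUDED):
        print(f"{local} <-> {remote}")
```

Each excluded host in a /24 costs up to seven extra entries, which is why a handful of scattered addresses already means ten or more phase 2 definitions.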