On 08/11/13 15:52, Dan wrote:
Hi,
I have a really annoying problem that I am trying to resolve. Assume
the following subnets.
Site A Internal: 10.10.0.0/16
Site B Internal: 10.50.0.0/16
Site B DMZ: x.y.z.0/24 (where this is a valid public subnet).
I have an IPsec VPN setup. The first phase 2 entry allows
10.10.0.0/16 and 10.50.0.0/15 to talk. This works perfectly.
I then made a second phase 2, to allow 10.10.0.0/16 and x.y.z.0/24 to
communicate using the tunnel. This worked ok too.
The problem I'm having is that I have a handful of IPs spread out
randomly on site B DMZ that I need to exclude from the tunnel.
My current method of doing this is to split the phase 2 into 10
different entries, so that I work around the IPs. This is very
painful to manage, and if a new IP gets added, then I need to break
the VPN again while I rework the phase 2 entries. Is there a better
solution for this?
I can upgrade to 2.1 if that resolves this.
_______________________________________________
List mailing list
[email protected]
http://lists.pfsense.org/mailman/listinfo/list
Couldn't you block these IPs with firewall rules instead of excluding
them from the tunnel?
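To show why carving hosts out of a phase 2 selector by hand grows so quickly (and why a single selector plus firewall rules is easier to maintain), here is an added Python example that is not part of the thread; it uses only the standard ipaddress module, and 192.0.2.0/24 with the two excluded hosts are constructed placeholders standing in for Dan's x.y.z.0/24 DMZ.

```python
import ipaddress
from typing import Iterable, List


def cover_excluding(network: str, excluded: Iterable[str]) -> List[ipaddress.IPv4Network]:
    """Smallest set of CIDR blocks equal to `network` minus the excluded hosts.

    This is the work described in the thread: every block returned here
    would become one separate phase 2 entry on the tunnel.
    """
    remaining = [ipaddress.ip_network(network)]
    for host in excluded:
        h = ipaddress.ip_network(host)          # a single /32
        nxt = []
        for net in remaining:
            # address_exclude() splits `net` into the sibling blocks around `h`
            nxt.extend(net.address_exclude(h) if h.subnet_of(net) else [net])
        remaining = nxt
    # merge adjacent blocks where possible so the count is minimal
    return list(ipaddress.collapse_addresses(remaining))


def is_covered(blocks: Iterable[ipaddress.IPv4Network], address: str) -> bool:
    """True if `address` still falls inside the tunnel selectors."""
    ip = ipaddress.ip_address(address)
    return any(ip in b for b in blocks)


def entries_needed(network: str, excluded: Iterable[str]) -> int:
    """Number of phase 2 entries required to carve the hosts out of the tunnel."""
    return len(cover_excluding(network, excluded))


if __name__ == "__main__":
    # constructed placeholders: 192.0.2.0/24 stands in for x.y.z.0/24
    dmz = "192.0.2.0/24"
    carve_out = ["192.0.2.10", "192.0.2.200"]
    for block in cover_excluding(dmz, carve_out):
        print(block)
    print(entries_needed(dmz, carve_out), "phase 2 entries, versus 1 entry plus",
          len(carve_out), "firewall rules")
```

Excluding a single host from a /24 already takes eight selectors, and every new host added to the list forces the whole set to be recomputed, which is the breakage the original post describes.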