Hi Hrvoje,

Is 10.90.0.0/24 local to your firewall? And if I understand your rule, "ike esp from 10.90.0.0/24 to any", you are saying: encrypt all traffic coming from 10.90.0.0/24.
Should the tunnel be more specific? Like from 10.90.0.0/24 to another network across the tunnel:

  ike esp from 10.90.0.0/24 to {list of private network ranges that are across the tunnel}

(remove "any" and replace it with the specific subnets to be routed across the IPsec tunnel). Without a diagram I can't help much more...

On Mon, 13 Sept 2021 at 11:36, Hrvoje Popovski <hrv...@srce.hr> wrote:
> Hi all,
>
> I have a firewall that routes a few internal networks, 10.90/24, 10.91/24,
> 10.92/24. And I have some static routes to other firewalls, but I don't
> think that is relevant to this problem.
>
> For network 10.90/24 I have an ipsec tunnel, and I need to push any traffic
> from that network to the internet, but not to local networks,
> over that ipsec tunnel.
>
> Something like this:
> ike esp from 10.90.0.0/24 to any
>
> I thought that the routing table will take care of that, but it seems
> that when the ipsec tunnel is up, I can't connect from local networks
> (10.91/24, 10.92/24) to 10.90/24 and I can't even ping hosts on the
> 10.90/24 network ...
> Something like this: ping -I 10.90.0.1 10.90.0.8 ...
> Traffic from 10.90/24 to the internet is working just fine ..
>
> I need to make network 10.90/24 reachable to all local networks.
> Could someone please point me in the right direction on what to look at and
> configure?
>
> Thank you ..
>

--
Kindest regards,
Tom Smyth.
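Added example, not part of Tom's or Hrvoje's mail: an OpenBSD ipsec.conf sketch that puts Tom's "be more specific" suggestion next to the alternative that fits Hrvoje's stated goal (all internet-bound traffic from 10.90/24 over the tunnel, local networks excluded). The peer address 203.0.113.1 and the far-side subnet 172.16.0.0/24 are placeholders. It also assumes two things about OpenBSD's IPsec handling that the thread does not state: that a flow written without "in"/"out" is installed in both directions, and that the most specific matching flow wins, so a /24-to-/24 bypass flow takes precedence over the /24-to-any flow for local destinations.

```conf
# Added example, not from the thread. Placeholders: peer 203.0.113.1,
# remote-side subnet 172.16.0.0/24. Adjust to the real tunnel.

# Variant 1 (Tom's suggestion): name the far-side subnets instead of
# "any", so only traffic for those destinations enters the tunnel and
# local traffic is never touched by IPsec.
ike esp from 10.90.0.0/24 to 172.16.0.0/24 peer 203.0.113.1

# Variant 2 (Hrvoje's goal): keep the broad "to any" flow, but carve the
# local networks out of it with bypass flows first. Assumption: the kernel
# selects the most specific matching flow, so these win over the
# /24-to-any flow. Without "in"/"out" each flow covers both directions.
flow esp from 10.90.0.0/24 to 10.91.0.0/24 type bypass
flow esp from 10.90.0.0/24 to 10.92.0.0/24 type bypass
# The failing "ping -I 10.90.0.1 10.90.0.8" is 10.90/24 -> 10.90/24 traffic,
# which "from 10.90.0.0/24 to any" also captures; bypass that as well.
flow esp from 10.90.0.0/24 to 10.90.0.0/24 type bypass
ike esp from 10.90.0.0/24 to any peer 203.0.113.1
```

Use one variant or the other, not both. Before loading, "ipsecctl -n -f /etc/ipsec.conf" checks the syntax, and after loading, "ipsecctl -sf" lists the installed flows so you can confirm the bypass entries for 10.91/24, 10.92/24 and 10.90/24 are present alongside the tunnel flow.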