Hi,

On 13.9.2021. 12:58, Tom Smyth wrote:
> Hi Hrvoje,
>
> is 10.90.0.0/24 local to your firewall, and if I
> understand your rule,
> ike esp from 10.90.0.0/24 to any you are saying
> encrypt all traffic coming from 10.90.0.0/24
>
> should the tunnel be more specific ? like
>
> from 10.90.0.0/24 to another network across the
> tunnel
>

10.90/24 is my local internal network, as are the other networks (10.91/24, 10.92/24). I need "ike esp from 10.90.0.0/24 to any"... because hosts on that network need to go out to the internet over the ipsec tunnel ... but at the same time hosts in that 10.90/24 network need to communicate with other internal networks...