Can you do an exception for the ranges ... (so internet, minus the private IPs you don't want over the tunnel)?
ike esp from 10.90.0.0/24 to any encrypt, and 10.90.0.0/24 to NOT [networks you don't want over the tunnel]?

On Mon, 13 Sept 2021 at 13:02, Hrvoje Popovski <hrv...@srce.hr> wrote:
> Hi,
>
> On 13.9.2021. 12:58, Tom Smyth wrote:
> > Hi Hrvoje,
> >
> > is 10.90.0.0/24 local to your firewall, and if I
> > understand your rule,
> > ike esp from 10.90.0.0/24 to any you are saying
> > encrypt all traffic coming from 10.90.0.0/24
> >
> > should the tunnel be more specific ? like
> >
> > from 10.90.0.0/24 to another network across the
> > tunnel
> >
>
> 10.90/24 is my local internal network, as other networks (10.91/24,
> 10.92/24).
> i need "ike esp from 10.90.0.0/24 to any"... because hosts on that
> network need to go out to internet over ipsec tunnel ... but at the same
> time hosts in that 10.90/24 network need to communicate to other
> internal networks...
>

--
Kindest regards,
Tom Smyth.
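An added illustration of the "exception" Tom is asking about, written as an OpenBSD ipsec.conf(5) fragment. It is not configuration from either poster; the gateway and peer addresses are placeholders from the RFC 5737 documentation ranges, the pre-shared key is a placeholder, and it assumes (to be verified on the box with `ipsecctl -s flow` after loading) that the kernel's security policy database prefers the most specific matching flow, so a `type bypass` flow for 10.91/24 wins over the catch-all `to any` flow installed by the ike rule.

```conf
# Added example, not the thread's own configuration.
# Addresses are placeholders from the RFC 5737 documentation ranges.
local_gw  = "192.0.2.1"        # this gateway's external address (placeholder)
remote_gw = "198.51.100.1"     # peer providing the internet breakout (placeholder)
lan       = "10.90.0.0/24"     # local network whose internet traffic should use the tunnel

# Catch-all: everything leaving 10.90/24 is tunnelled to the peer.
ike esp from $lan to any local $local_gw peer $remote_gw \
        main  auth hmac-sha2-256 enc aes-256 group modp2048 \
        quick auth hmac-sha2-256 enc aes-256 group modp2048 \
        psk "replace-with-a-real-preshared-key"   # placeholder

# Exception: more specific bypass flows for the other internal networks,
# so 10.90/24 <-> 10.91/24 and 10.90/24 <-> 10.92/24 are routed normally
# instead of being pulled into the tunnel by the catch-all above.
flow esp from $lan to 10.91.0.0/24 type bypass
flow esp from $lan to 10.92.0.0/24 type bypass
```

A bypass flow means that traffic is sent in the clear, which is the intended behaviour for networks that are directly routed by this firewall; if 10.91/24 or 10.92/24 sit behind another IPsec gateway, the exception should instead be a more specific ike rule for that peer rather than a bypass. Either way, check the installed policy with `ipsecctl -s flow` and that the return path for those networks does not depend on the tunnel peer.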