
Author Topic: Multiple Phase 2 Entries for IPSec Tunnels

tuaris

Multiple Phase 2 Entries for IPSec Tunnels
« on: March 22, 2021, 06:51:54 PM »
In case the title isn't self-explanatory, this allows you to use IPsec with multiple subnets. The diagram below explains this.

Without another phase 2 entry, hosts 192.168.7.123 and 10.8.8.2 are unable to communicate with each other. Unless there was a way to tell t1n1wall to route traffic from 192.168.7.0/24 to 10.8.8.0/24 over the existing IPSec tunnel (which there isn't, and static routes don't work).

Additionally, some have suggested to create a 3rd IPSec tunnel using the same keys and endpoints, but with different subnets. That doesn't work either. It results in only one of the two tunnels working.



The correct solution is to create a second phase 2 entry for the existing IPSec tunnel.
« Last Edit: March 22, 2021, 06:54:02 PM by tuaris »
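As an added illustration (not code from the original post, and not t1n1wall's own implementation), the following Python model shows why the second phase 2 entry is needed: a policy-based IPsec stack decides whether a packet belongs to a tunnel by matching its source and destination against the traffic selectors of each phase 2 entry, not by consulting the routing table, so a static route towards 10.8.8.0/24 cannot steer traffic into the tunnel. The subnets of the original phase 2 entry are not stated in the thread (the diagram is missing), so 192.168.1.0/24 and 10.8.9.0/24 are constructed placeholders; the entry names and the `select_phase2` helper are likewise assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


@dataclass(frozen=True)
class Phase2Entry:
    """One phase 2 (IPsec SA) entry: a local/remote pair of traffic selectors."""
    name: str
    local_net: ipaddress.IPv4Network
    remote_net: ipaddress.IPv4Network


def phase2(name: str, local: str, remote: str) -> Phase2Entry:
    """Build a phase 2 entry from CIDR strings (hypothetical helper)."""
    return Phase2Entry(name, ipaddress.ip_network(local), ipaddress.ip_network(remote))


def select_phase2(entries: Iterable[Phase2Entry], src: str, dst: str) -> Optional[str]:
    """Return the name of the first phase 2 entry whose selectors cover the
    outbound flow src -> dst, or None when no entry matches.

    This mirrors a security policy database (SPD) lookup: only a selector
    match puts the packet into the tunnel, so a routing-table entry for the
    far subnet does not change the outcome."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for entry in entries:
        if s in entry.local_net and d in entry.remote_net:
            return entry.name
    return None


def report(entries: List[Phase2Entry], flows: List[Tuple[str, str]]) -> Dict[str, Optional[str]]:
    """Map each 'src->dst' flow to the phase 2 entry that would carry it."""
    return {f"{s}->{d}": select_phase2(entries, s, d) for s, d in flows}


# Constructed placeholders for the original tunnel's subnets (not given in the thread).
ORIGINAL_ONLY = [phase2("p2-original", "192.168.1.0/24", "10.8.9.0/24")]

# The fix described in the thread: a second phase 2 entry on the same tunnel.
WITH_SECOND = ORIGINAL_ONLY + [phase2("p2-second", "192.168.7.0/24", "10.8.8.0/24")]

# Constructed sample flows: one on the original subnets, one on the new pair.
FLOWS = [("192.168.1.10", "10.8.9.20"), ("192.168.7.123", "10.8.8.2")]


if __name__ == "__main__":
    for label, entries in (("one phase 2 entry", ORIGINAL_ONLY), ("two phase 2 entries", WITH_SECOND)):
        print(label, report(entries, FLOWS))
```

With only the original entry, the 192.168.7.123 to 10.8.8.2 flow maps to `None`: no selector covers it, which is the symptom the post describes. Adding the second entry makes that flow match `p2-second` while the original flow still matches `p2-original`; the reverse direction needs the corresponding mirrored selectors on the far gateway.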

andywhite

Re: Multiple Phase 2 Entries for IPSec Tunnels
« Reply #1 on: April 07, 2021, 11:56:46 AM »
Hi, is there a link to the diagram? I can't understand the request without it, I think.