
Author Topic: Multi VLAN routing over IPsec  (Read 605 times)


Offline cmdias

Multi VLAN routing over IPsec
« on: March 18, 2017, 05:46:19 pm »
Hi Guys,

Need help.. long day and I can't find my error.....

Need to ROUTE multiple VLANS over 1 IPSEC tunnel

Phase 1 = OK

Phase 2 = OK for DATA VLAN (LAN) and routes OK between sites....
Phase 3 = OK for VOICE VLAN (VOICE) but WILL NOT ROUTE!!!!!!!

Firewall rules for IPSEC on both boxes are set to ALLOW ANY/ANY for now...

any ideas ????


HEAD OFFICE:
VLAN 1 = DATA   192.168.25.0/24
VLAN 100 = VOICE = 10.100.25.0/24

BRANCH OFFICE (REMOTE)
VLAN 1 = DATA   192.168.26.0/24
VLAN 110 = VOICE = 10.100.26.0/24






Pictures of P1 and P2 entries for each site attached
« Last Edit: March 18, 2017, 05:50:39 pm by cmdias »

Offline Derelict

Re: Multi VLAN routing over IPsec
« Reply #1 on: March 18, 2017, 05:51:27 pm »
Are both phase 2's coming up?

Offline cmdias

Re: Multi VLAN routing over IPsec
« Reply #2 on: March 18, 2017, 05:57:30 pm »
yes but found my error!!!!! was not creating all P2 necessary.. pic to come soon

Offline cmdias

Re: Multi VLAN routing over IPsec
« Reply #3 on: March 18, 2017, 05:59:27 pm »
here's the final setup and working great.... was just too tired... lol
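
An added illustration, not part of any post in this thread and not pfSense code: a policy-based IPsec tunnel only carries packets whose source and destination match a Phase 2 (local subnet, remote subnet) pair, so every subnet pair that must talk needs its own P2 on both ends. The subnets are the ones from the first post; the configured P2 list and the "every VLAN to every VLAN" goal are assumptions, since the attached pictures are not reproduced here.

```python
import ipaddress
from itertools import product

# Subnets from the first post in the thread.
HEAD = {"DATA": "192.168.25.0/24", "VOICE": "10.100.25.0/24"}
BRANCH = {"DATA": "192.168.26.0/24", "VOICE": "10.100.26.0/24"}

def net(cidr):
    return ipaddress.ip_network(cidr)

def covered(src, dst, phase2):
    """True if a packet src -> dst matches some (local, remote) P2 selector."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in net(l) and d in net(r) for l, r in phase2)

def missing_phase2(wanted, phase2):
    """Wanted (local, remote) subnet pairs not contained in any existing P2."""
    return [(l, r) for l, r in wanted
            if not any(net(l).subnet_of(net(pl)) and net(r).subnet_of(net(pr))
                       for pl, pr in phase2)]

def mirror(phase2):
    """The same P2 list as it must be entered on the remote firewall."""
    return [(r, l) for l, r in phase2]

# Assumed head-office state: one P2 per "same" VLAN, both up as reported.
CONFIGURED = [(HEAD["DATA"], BRANCH["DATA"]), (HEAD["VOICE"], BRANCH["VOICE"])]
# Assumed goal: every head-office VLAN reaches every branch VLAN.
WANTED = list(product(HEAD.values(), BRANCH.values()))

if __name__ == "__main__":
    gaps = missing_phase2(WANTED, CONFIGURED)
    for local, remote in gaps:
        print(f"head office: add P2 local={local} remote={remote}")
    for local, remote in mirror(gaps):
        print(f"branch:      add P2 local={local} remote={remote}")
    fixed = CONFIGURED + gaps
    # Constructed sample flow: a DATA host at head office to a branch phone.
    for label, p2 in (("before", CONFIGURED), ("after", fixed)):
        ok = covered("192.168.25.10", "10.100.26.20", p2)
        print(f"{label}: 192.168.25.10 -> 10.100.26.20 in tunnel: {ok}")
```

If only some pairs are needed, list just those in `WANTED`; each extra P2 widens what the tunnel will carry, and the IPsec firewall rules should then be tightened from ANY/ANY to match.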

Offline Daz22

Re: Multi VLAN routing over IPsec
« Reply #4 on: December 16, 2017, 10:59:36 am »
I wanted to see if I could get help doing the same idea but for my mobile clients. For example

Current topology

Network A 172.16.0.0/24
Network B 10.0.0.0/24
Network C 20.0.0.0/24

I want to grant specific clients access to the specific networks via IPSEC


Client A P2 Network 0.0.0.0/0 Default route access to all networks
Client B P2 Network 10.0.0.0/24 Access to Lab A network
Client C P2 Network 20.0.0.0/24 Access to Lab B network