Thanks, Dan
On Thu, Aug 29, 2013 at 9:09 AM, Jochem de Waal <[email protected]> wrote: > ** ** > > > I'm running into a funny but annoying situation.**** > > I have an ipsec tunnel setup between two pfsense boxes. The tunnel is > working great, and I am allowing my office's /24 network to access a remote > datacenters /24 public ips through the vpn.**** > > The problem is that we have one ip (.103) on the remote network which I > need to NOT go through the vpn.**** > > I've tried playing with static routes, and firewall redirects but had no > luck. **** > > How can i exclude a single ip from the ipsec phase2 entry? Am I going to > have to break my phase 2 entry into multiple entries so that I can skip > over this one ip, or is there a better way?**** > > **** > > Thanks,**** > > Dan**** > > **** > > **** > > *Van:* [email protected] [mailto: > [email protected]] *Namens *D C > *Verzonden:* donderdag 29 augustus 2013 14:56 > *Aan:* [email protected] > *Onderwerp:* [pfSense] Remove a single ip from ipsec**** > > **** > > Create a Block rule on IPSEC above the allow rule**** > > ** ** > > This would be ideal, but I don't see an option to do this. I'm using > pfsense 2.0.1-RELEASE amd64**** > > **** > > ** ** > > **** > > **** > > Cheers,**** > > Jochem**** > > > _______________________________________________ > List mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/list**** > > Hi Dan,**** > > ** ** > > In pfSense at the LOCAL site goto:**** > > ** ** > > FIREWALL à RULES à IPSEC**** > > ** ** > > Above the allow rule for the remote network segment place a block rule for > that single IP. > Ok, I think I mispoke. I need to be able to access that remote ip. I just don't want it to go through ipsec. Basically I need that remote host to see my public ip that I'm natting on. When the traffic goes through ipsec, the remote host see's my internal ips. > **** > > ** ** > > Grtx,**** > > Jochem**** > > _______________________________________________ > List mailing list > [email protected] > http://lists.pfsense.org/mailman/listinfo/list > >
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
