On 29/08/2013 14:19, Jochem de Waal wrote:
Ok, I think I misspoke. I need to be able to access that remote ip. I just don't want it to go through ipsec. Basically I need that remote host to see my public ip that I'm natting on. When the traffic goes through ipsec, the remote host sees my internal ips.
In that case I think you need to define your phase 2 definitions to somehow exclude that IP address. It is possible, don't worry about having subnet network IPs and broadcasts in your definitions, they will still be mapped through.
It's not too difficult once you get your head around it. You might want to do some design clean up in the future, to ensure that contiguous ranges of IPs serve the purpose of going through the tunnel.
-- Regards, Giles Coochey, CCNP, CCNA, CCNAS NetSecSpec Ltd +44 (0) 8444 780677 +44 (0) 7983 877438 http://www.coochey.net http://www.netsecspec.co.uk [email protected]
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
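Added example, not part of the original thread: one way to work out the phase 2 networks the reply describes, by splitting the remote subnet into CIDR blocks that cover everything except the address that should bypass the tunnel. The subnet 192.0.2.0/24, the host 192.0.2.10 and the function names are constructed for illustration, and it assumes each resulting block is entered as its own phase 2 remote network.

```python
import ipaddress


def phase2_networks(remote_subnet, excluded_hosts):
    """Return the CIDR blocks covering remote_subnet minus excluded_hosts."""
    blocks = [ipaddress.ip_network(remote_subnet)]
    for host in excluded_hosts:
        hole = ipaddress.ip_network(host)  # a bare address parses as a /32
        remaining = []
        for block in blocks:
            if hole.subnet_of(block):
                # Split this block around the hole; the hole itself is dropped.
                remaining.extend(block.address_exclude(hole))
            else:
                remaining.append(block)
        blocks = remaining
    return sorted(blocks)


def tunneled(address, blocks):
    """True if address matches one of the phase 2 blocks (goes via IPsec)."""
    addr = ipaddress.ip_address(address)
    return any(addr in block for block in blocks)


if __name__ == "__main__":
    # Constructed sample values (documentation address range).
    nets = phase2_networks("192.0.2.0/24", ["192.0.2.10"])
    for net in nets:
        print(net)
    # The excluded host matches no block, so it is reached through NAT on
    # the public IP; the network and broadcast addresses stay covered.
    print("192.0.2.10 tunneled:", tunneled("192.0.2.10", nets))
    print("192.0.2.255 tunneled:", tunneled("192.0.2.255", nets))
```

Excluding a single host from a /24 yields eight blocks, which is why the reply suggests eventually grouping tunneled hosts into contiguous ranges.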
