point your default gateways to the main internet connection and NOT to the MPLS-Gateways.
NAT enabled. But I am doing this already, all branch computers are sent to the internet server in the main office via the router on branch sites.

To get the Net-to-Net (172.16.11.0/24 <-> 172.16.0.0/21) working: just create an IPSEC VPN-Tunnel from each pfSense box to the other one through the MPLS routing/switching, which (the MPLS) is not really necessary if you have static WAN addresses, but can help to have a stable VPN tunnel. I.e. IF-MPLS-Address Main Site connects to IF-MPLS-Address-Branch site, et vice versa. So an IPSEC VPN between those two endpoints should do it. The MPLS gateways do not know anything about any 172.16.0.0 net. Not their job. :8~)

I _think_ the wish is to have the clients communicating with each other, like 172.16.4.5 can talk freely to 172.16.11.45 et vice versa. So create each VPN side with the access to the certain internal network. No NAT necessary.

Further reading for understanding recommended: Richard W. Stevens, TCP/IP and/or Addison Wesley: TCP/IP and ONC/NFS

Thank you. Any site to get me started with basic IPSEC VPN-Tunnel on pfSense?

thanks
hth

= = = http://michael-schuh.net/ = = =
Project management - IT consulting - Professional Services IT
P.O. Box 10 21 52
66021 Saarbrücken
phone: 0681/8319664
@: m i c h a e l . s c h u h @ g m a i l . c o m
= = = VAT ID: DE251072318 = = =
_______________________________________________ List mailing list [email protected] https://lists.pfsense.org/mailman/listinfo/list
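As an added example (not from the thread or from pfSense), a small Python check of the net-to-net design described above: the two LANs named in the thread, the mirrored phase 2 traffic selectors each pfSense box needs, and which path a packet takes (local, through the tunnel, or out the default gateway). The selector dictionaries and the deliberately wrong 172.16.0.0/24 selector are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

# Site LANs from the thread: /21 at the main office, /24 at the branch.
MAIN_LAN = ip_network("172.16.0.0/21")
BRANCH_LAN = ip_network("172.16.11.0/24")

# Phase 2 selectors each pfSense box needs; local/remote must be mirrored.
MAIN_P2 = {"local": MAIN_LAN, "remote": BRANCH_LAN}
BRANCH_P2 = {"local": BRANCH_LAN, "remote": MAIN_LAN}

# Constructed mistake: branch only declares the first /24 of the main LAN.
BRANCH_P2_WRONG = {"local": BRANCH_LAN, "remote": ip_network("172.16.0.0/24")}


def check_design(main_p2, branch_p2):
    """Return a list of problems; an empty list means the net-to-net design is sound."""
    problems = []
    if main_p2["local"].overlaps(branch_p2["local"]):
        problems.append("site LANs overlap; routing is ambiguous without NAT")
    if main_p2["local"] != branch_p2["remote"] or main_p2["remote"] != branch_p2["local"]:
        problems.append("phase 2 selectors are not mirrored between the two boxes")
    return problems


def route_for(src, dst, site_p2):
    """Where this site's pfSense sends a packet: 'local', 'ipsec' or 'internet'."""
    src, dst = ip_address(src), ip_address(dst)
    if dst in site_p2["local"]:
        return "local"
    if src in site_p2["local"] and dst in site_p2["remote"]:
        return "ipsec"  # matches the tunnel selector, so no NAT is applied
    # Anything else follows the default gateway: the main internet
    # connection, not the MPLS gateway, which knows nothing of 172.16.0.0.
    return "internet"


if __name__ == "__main__":
    print("design problems:", check_design(MAIN_P2, BRANCH_P2))
    print("172.16.4.5 -> 172.16.11.45:", route_for("172.16.4.5", "172.16.11.45", MAIN_P2))
    print("172.16.11.45 -> 8.8.8.8:", route_for("172.16.11.45", "8.8.8.8", BRANCH_P2))
    # With the wrong selector, branch traffic to 172.16.4.5 leaks to the internet.
    print("wrong selector:", check_design(MAIN_P2, BRANCH_P2_WRONG),
          route_for("172.16.11.45", "172.16.4.5", BRANCH_P2_WRONG))
```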
