On 10/22/07, Michael Richardson <[EMAIL PROTECTED]> wrote:
> Perhaps I'm seeing the issue incorrectly then. I have 2 pf boxes at
> different locations. Box A is Class C (192.168.10.0/24), Box B is Class C
> (192.168.1.0/24). A and B are connected via an IPSEC VPN tunnel, but Box B
> also has a tunnel to another VPN terminator. I want to add a static route to
> Box A to get traffic to the VPN terminator via B.
>
> Box A (pfSense) = 192.168.10.0/24
> Connects to (using IPSEC):
> Box C (pfSense) = 192.168.1.0/24
> Connects to (using IPSEC):
> Router C (unknown brand, managed) = 192.168.3.0/24
>
> I need to get traffic from the network behind Box A to Router C and I
> thought a static route would be the way, but I don't believe the LAN or WAN
> interface is appropriate because of the use of IPSEC tunnels. Am I thinking
> about this the wrong way?

Yes. Traffic can't cross the tunnel unless you have a security association for it. You'll need to add 192.168.3.0/24 to the A->B and B->A tunnels. You'll also need to add 192.168.10.0/24 to the B->C and C->B tunnels.

To make this work in pfSense, just create another tunnel between A and B with the 192.168.1.0 subnet in it.

--Bill
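
The rule in the reply, that every hop needs a security association matching the packet's source and destination subnets, can be checked with a small model. This is an added example, not part of the original thread and not pfSense code; the selector tuples and the names `BEFORE`, `ADDED`, `AFTER`, `covers` and `trace` are assumptions made for illustration.

```python
from ipaddress import ip_network as net

# Constructed model of the thread's topology (not a pfSense config format).
LANS = {"A": net("192.168.10.0/24"), "B": net("192.168.1.0/24"),
        "C": net("192.168.3.0/24")}

def sel(local, remote, peer):
    """One phase 2 selector: near-side subnet, far-side subnet, tunnel peer."""
    return (net(local), net(remote), peer)

# Selectors as first described: one subnet pair per tunnel.
BEFORE = {
    "A": [sel("192.168.10.0/24", "192.168.1.0/24", "B")],
    "B": [sel("192.168.1.0/24", "192.168.10.0/24", "A"),
          sel("192.168.1.0/24", "192.168.3.0/24", "C")],
    "C": [sel("192.168.3.0/24", "192.168.1.0/24", "B")],
}
# Added per the reply: 192.168.3.0/24 on A<->B, 192.168.10.0/24 on B<->C.
ADDED = {
    "A": [sel("192.168.10.0/24", "192.168.3.0/24", "B")],
    "B": [sel("192.168.3.0/24", "192.168.10.0/24", "A"),
          sel("192.168.10.0/24", "192.168.3.0/24", "C")],
    "C": [sel("192.168.3.0/24", "192.168.10.0/24", "B")],
}
AFTER = {gw: BEFORE[gw] + ADDED[gw] for gw in BEFORE}

def covers(selectors, src, dst, peer=None):
    """Peer of the first selector containing src (near side) and dst (far side)."""
    for local, remote, p in selectors:
        if src.subnet_of(local) and dst.subnet_of(remote) and peer in (None, p):
            return p
    return None

def trace(policy, start, src, dst):
    """Walk src->dst gateway by gateway; return (path, delivered)."""
    src, dst = net(src), net(dst)
    path, here = [start], start
    while not dst.subnet_of(LANS[here]):
        nxt = covers(policy[here], src, dst)
        # The receiving gateway needs the mirrored selector for this peer.
        if nxt is None or nxt in path or not covers(policy[nxt], dst, src, here):
            return path, False
        path.append(nxt)
        here = nxt
    return path, True

if __name__ == "__main__":
    print(trace(BEFORE, "A", "192.168.10.0/24", "192.168.3.0/24"))
    print(trace(AFTER, "A", "192.168.10.0/24", "192.168.3.0/24"))
```

With the original selectors the packet is dropped at A, because no selector there covers 192.168.10.0/24 to 192.168.3.0/24; a static route cannot change that.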
