RE: [pfSense Support] PPTP & Ipsec

Tue, 29 Apr 2008 17:06:06 -0700 

Thanks Scott,
        Yes it does. The device on the other end is a Cisco ASA, when the
tunnel comes up it inserts the network as a connected route and puts an
entry in the FIB for the 2.2.2.0/24. The rest of the environment (on the
other side of the tunnel) learns that route from OSPF. Looks like I am going
to run some debugs. If anyone has any thoughts on this I am all ears.
Thanks.

        Wade B


Wade Blackwell

"Integrity is often more painful and always more profitable than perception
management"

-----Original Message-----
From: Scott Ullrich [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, April 29, 2008 3:04 PM
To: [email protected]
Subject: Re: [pfSense Support] PPTP & Ipsec

On 4/29/08, Wade Blackwell <[EMAIL PROTECTED]> wrote:
> Good morning PFsense fans,
>         Greetings from the starting to get sunny Northwest. I am not 
> sure if  what I am trying can be done or not. In concept I know it's 
> possible but  I am not seeing the desired results where the rubber meets
the road.
>  Basic setup is this;
>
>         Network A
>         1.1.1.1/24
>           |
>           |
>           |
>  I-net----PF---PPTP clients 3.3.3.3/28
>           |
>           |
>           |
>       IPsec tunnel to 2.2.2.0/24
>
>  Goal: To have PPTP clients connect in and connect to the PF and then  
> have access to 2.2.2.0/24 over the IPsec tunnel. The tricky part (I am
>  assuming) is that for the tunnel to come up the PPTP clients to bring  
> the IPsec tunnel up they need to be sourced from 1.1.1.0/24. What I 
> did,  attempting to make this work, was to setup the advanced outbound 
> NAT  allowing all PPTP clients destined for 2.2.2.0/24 to be natted 
> with the  interface IP of network A. I am running 1.2-RC2 if that has any
bearing.
>  If anyone has tried this or has some insight I would be stoked. 
> Thanks  all.
>  --
>  Wade B

 Make sure a static route exists on 2.2.2.0/24 to point back to
1.1.1.0./24 if I am reading this correctly.  I have not tried this, so YMMV.

Scott

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED] For additional
commands, e-mail: [EMAIL PROTECTED]

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to