I have to connect our company network with the network of a customer to access some of their resources. The IT department of the customer defined an IPsec VPN in tunnel mode with two phase 2 configurations for two different subnets on their side. For both phase 2 configurations they defined a single address as our local network, because the customer needs no access to our side.
| Local Network | Remote Network |
| --- | --- |
| 172.16.0.101/32 | 10.1.0.0/24 |
| 172.16.0.101/32 | 10.1.1.0/24 |
I was able to configure our pfSense so that a single subnet can access the remote resources, by setting our local subnet as the local network in the configuration and the local network defined by the customer as the NAT translation address:
| Local Network Type | Local Network Address | NAT Translation Type | NAT Translation Network Address | Remote Network Type | Remote Network Address |
| --- | --- | --- | --- | --- | --- |
| Network | 192.168.0.0/24 | Address | 172.16.0.101/32 | Network | 10.1.0.0/24 |
| Network | 192.168.0.0/24 | Address | 172.16.0.101/32 | Network | 10.1.1.0/24 |
My problem is that the remote networks of the customer need to be accessed from different local networks, not only one. These "local" networks can be LAN subnets, client VPN or site-to-site VPN to one of our branch offices.
How can I achieve this? I already tried to add another phase 2 configuration with the same settings and a different local network, but that does not seem to work.
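As an added illustration (not part of the question or of pfSense itself), a small Python model of how the phase 2 selectors above, combined with the single-address NAT, decide which flows enter the tunnel and which the customer side will accept; the extra source networks 192.168.1.0/24 and 10.200.0.0/24 are constructed stand-ins for a branch office and a client VPN.

```python
import ipaddress
from typing import Optional, Tuple

# Phase 2 entries as they appear in the question (pfSense side).
# NAT type "Address" with a /32 maps the whole local network to that one address.
PHASE2 = [
    {"local": "192.168.0.0/24", "nat": "172.16.0.101/32", "remote": "10.1.0.0/24"},
    {"local": "192.168.0.0/24", "nat": "172.16.0.101/32", "remote": "10.1.1.0/24"},
]

# What the customer configured: their subnets, and our side as a single address.
CUSTOMER_LOCAL = ["10.1.0.0/24", "10.1.1.0/24"]
CUSTOMER_REMOTE = "172.16.0.101/32"


def select_phase2(src: str, dst: str, entries=PHASE2) -> Optional[Tuple[int, str]]:
    """Return (entry index, source address after NAT) for the first phase 2
    whose local/remote selectors cover the flow, or None when nothing matches
    (the packet is then routed normally instead of entering the tunnel)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for i, e in enumerate(entries):
        if s in ipaddress.ip_network(e["local"]) and d in ipaddress.ip_network(e["remote"]):
            nat = ipaddress.ip_network(e["nat"])
            # single-address NAT: every local host leaves the tunnel as that address
            translated = str(nat.network_address) if nat.num_addresses == 1 else src
            return i, translated
    return None


def customer_accepts(src_on_wire: str, dst: str) -> bool:
    """Does the customer's phase 2 selector accept the (translated) inner packet?"""
    s, d = ipaddress.ip_address(src_on_wire), ipaddress.ip_address(dst)
    return s in ipaddress.ip_network(CUSTOMER_REMOTE) and any(
        d in ipaddress.ip_network(n) for n in CUSTOMER_LOCAL)


def check_source_networks(nets, dst="10.1.0.10"):
    """Report, per source network, whether a host in it reaches dst through the tunnel."""
    result = {}
    for n in nets:
        host = str(next(ipaddress.ip_network(n).hosts()))
        sel = select_phase2(host, dst)
        result[n] = sel is not None and customer_accepts(sel[1], dst)
    return result


if __name__ == "__main__":
    # Constructed examples of the other "local" networks mentioned in the question.
    print(check_source_networks(["192.168.0.0/24", "192.168.1.0/24", "10.200.0.0/24"]))
    # {'192.168.0.0/24': True, '192.168.1.0/24': False, '10.200.0.0/24': False}
```

Only flows whose source falls inside a phase 2 local selector are translated and tunneled; a second entry with a different local network would need its own matching selector on the customer side as well.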