I have a Head Office and two Branch Offices.
I have an IPSec tunnel created between each Branch Office through to the Head Office.
Branch 1 (192.168.83.0/24) --Tunnel 1--> Head Office (10.0.5.0/24) <--Tunnel 2-- Branch 2 (192.168.87.0/24)
The IPSec tunnels both come up and work.
I can get traffic to/from each Branch Office through to the Head Office. All good.
However, I cannot get traffic from either Branch office through to the other Branch Office.
This is what I have done:
I have firewall rules on all firewalls allowing traffic to/from each of the 3 subnets.
On the head office, I specifically created a rule that allowed traffic between Branch 1 and Branch 2
On all the firewalls I added ipsec_route commands in the console, so that each firewall knows to route the other branch's subnet down the tunnel.
If I do a packet capture on a source branch firewall I can see traffic destined for the other branch enter the IPSec tunnel to the head office.
At the head office, using packet capture, I can't see the traffic arrive (however, this may be because IPSec traffic doesn't show in a packet capture).
I believe the problem is in the head office firewall and it isn't routing the incoming traffic through into the other ipsec tunnel.
Due to the way the network works, I cannot create a third IPSEC tunnel directly between the branch offices. My only choice is to route it through head office.
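One thing worth checking in a hub-and-spoke setup like the one above is the phase-2 traffic selectors (the "local/remote subnet" lists on each IPsec connection), not just the routes. With policy-based IPsec, an ipsec_route only steers a packet toward a tunnel; the packet is still matched against the SA's selector, and on the receiving side a decrypted packet that lies outside the inbound selector is discarded before any route or firewall rule is consulted, which is consistent with the transit traffic never showing up at the hub. The following model is an added example written for this thread, not code from the original post or from the firewall vendor. It assumes policy-based IPsec with per-connection local/remote subnets; the tunnel lists `HUB_AS_POSTED` and `HUB_FOR_TRANSIT` and the host addresses used in the packets are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network

# Subnets from the post.
BRANCH1 = ip_network("192.168.83.0/24")
HQ      = ip_network("10.0.5.0/24")
BRANCH2 = ip_network("192.168.87.0/24")


@dataclass
class Tunnel:
    """One policy-based IPsec connection as configured on the head-office firewall.
    `local` and `remote` are the phase-2 traffic selectors (hub side / spoke side)."""
    name: str
    local: list[IPv4Network]
    remote: list[IPv4Network]

    def selects(self, src: IPv4Address, dst: IPv4Address) -> bool:
        """True if an outbound packet src->dst falls inside this tunnel's selector."""
        return any(src in n for n in self.local) and any(dst in n for n in self.remote)


def hub_forward(tunnels: list[Tunnel], arrived_via: str, src: str, dst: str):
    """Decide what the hub does with a decrypted packet that arrived over `arrived_via`.
    Returns (outgoing_tunnel_name, "forwarded"), ("local", ...) for the hub's own LAN,
    or (None, reason_for_drop)."""
    s, d = ip_address(src), ip_address(dst)
    inbound = next(t for t in tunnels if t.name == arrived_via)
    # 1. The inbound SA only accepts packets inside the mirror image of its selector
    #    (spoke subnet -> hub-side subnets). A transit packet addressed to the other
    #    branch fails this check unless that branch is listed as a hub-side subnet,
    #    and it is discarded before any route or firewall rule is looked at.
    if not inbound.selects(d, s):
        return None, f"{src}->{dst} is outside the inbound selector of {arrived_via}"
    # 2. Traffic for the head-office LAN is delivered locally, not re-encrypted.
    if d in HQ:
        return "local", "delivered to head-office LAN"
    # 3. Another tunnel must exist whose outbound selector covers the packet as sent.
    #    The route (ipsec_route) picks the tunnel, but the SA still has to match.
    for t in tunnels:
        if t.name != arrived_via and t.selects(s, d):
            return t.name, "forwarded"
    return None, f"no other tunnel has a selector covering {src}->{dst}"


# Constructed: each tunnel only carries branch <-> head office traffic.
HUB_AS_POSTED = [
    Tunnel("Tunnel1", local=[HQ], remote=[BRANCH1]),
    Tunnel("Tunnel2", local=[HQ], remote=[BRANCH2]),
]

# Constructed: each tunnel's hub-side selector also includes the other branch.
# The spokes need the mirror change: their remote subnets must list the other
# branch as well as the head office, otherwise the spoke never encrypts the packet.
HUB_FOR_TRANSIT = [
    Tunnel("Tunnel1", local=[HQ, BRANCH2], remote=[BRANCH1]),
    Tunnel("Tunnel2", local=[HQ, BRANCH1], remote=[BRANCH2]),
]


def transit_results(tunnels):
    """Branch 1 -> Branch 2 arriving on Tunnel1, and the reply arriving on Tunnel2."""
    return (
        hub_forward(tunnels, "Tunnel1", "192.168.83.10", "192.168.87.20"),
        hub_forward(tunnels, "Tunnel2", "192.168.87.20", "192.168.83.10"),
    )


if __name__ == "__main__":
    for label, cfg in (("as posted", HUB_AS_POSTED), ("with transit selectors", HUB_FOR_TRANSIT)):
        for out, why in transit_results(cfg):
            print(f"{label:24} -> {out or 'DROP'}: {why}")
```

Running it shows both directions of branch-to-branch traffic dropped at step 1 with the as-posted selectors and forwarded Tunnel1 -> Tunnel2 (and back) once each hub-side selector also names the other branch. On a real firewall the equivalent check is to compare the installed IPsec policies (or the connection's local/remote subnet lists) against the source and destination of the transit packet in both directions; a firewall rule permitting the subnets and an ipsec_route are not enough on their own if the SA selector does not cover the pair.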