How do I set up IPsec in this diagram?


Goal: Establish an IPsec tunnel between Router 1 and Router 3
I recently started deploying additional routers in my network.

As per the diagram, I have Router 2 and 3 on the same local side running OSPF.

Router 2 is hosting the WAN connection. How do I establish an IPsec tunnel between a subnet on Router 1 and a subnet on Router 3?

(attached image: ipsec diagram.jpg)

Simple. IPsec hosts must be reachable by routing. Then configure IPsec, that's all.

Well, I set up an IPsec tunnel between Router 1 and Router 2. Since Router 2 has a route through OSPF to the subnet I am trying to reach on Router 3, I thought the IPsec policy containing the subnet on Router 3 would be forwarded through the route table on Router 2, but it doesn't seem to be working that way...

Tell Router 1 about the IPsec host from Router 3.

Agreed. The subnet on Router 3 that I am trying to reach is 10.40.5.0/24

I put that in the policy for Router 1 and Router 2, but I am ultimately not able to ping from Router 1 to the above subnet on Router 3.

10.40.5.0 is reachable from R1?

No… that is what I am trying to accomplish.

Make it reachable. It's classic routing/NAT.

I did the appropriate NAT rules on Router 1 and Router 2, but no dice. Will try it again tonight.

So just to confirm: I should be able to set up an IPsec tunnel between Router 1 and 2 with appropriate NAT rules, and since Router 2 has a route to the Router 3 subnet I am trying to reach, it should work, correct?

If you are performing dstnat on R2 in order to reach R3 with UDP 500 and 4500 from R1, it will work. If there is no NAT translation, you will need to know the R3 network through R2 on R1.
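The two options described in the last reply, written out as an added example that is not part of the original thread. It assumes MikroTik RouterOS (the thread's "dstnat" chain and "IPsec policy" wording point that way, but the diagram is not visible here) and uses hypothetical addresses: R1 WAN 203.0.113.1 with LAN 10.10.1.0/24, R2 WAN 203.0.113.2 with 10.40.0.2 on the link to R3, R3 at 10.40.0.3 with LAN 10.40.5.0/24. The PSK and proposal settings are placeholders. Option A terminates the tunnel on R2 and carries R3's subnet in the policy; option B forwards IKE/NAT-T from R1 to R3 so the tunnel terminates on R3.

```routeros
# ===== Option A: tunnel R1 <-> R2, policy covers R3's subnet =====
# --- R1 ---
/ip ipsec profile add name=r1-r2 hash-algorithm=sha256 enc-algorithm=aes-256 dh-group=modp2048
/ip ipsec proposal add name=r1-r2 auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=modp2048
/ip ipsec peer add name=r2 address=203.0.113.2/32 exchange-mode=ike2 profile=r1-r2
/ip ipsec identity add peer=r2 auth-method=pre-shared-key secret="REPLACE-WITH-STRONG-PSK"
# Policy selector is R1 LAN -> R3 LAN; the SA endpoints are R1 and R2 WAN addresses.
/ip ipsec policy add peer=r2 tunnel=yes proposal=r1-r2 \
    src-address=10.10.1.0/24 dst-address=10.40.5.0/24 \
    sa-src-address=203.0.113.1 sa-dst-address=203.0.113.2
# srcnat runs before IPsec policy matching: traffic that will be encrypted must
# NOT be masqueraded, so this accept rule has to sit above the masquerade rule.
/ip firewall nat add chain=srcnat ipsec-policy=out,ipsec action=accept \
    comment="bypass NAT for IPsec-protected traffic"
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade

# --- R2 (mirror of R1; R2 already learns 10.40.5.0/24 from OSPF) ---
/ip ipsec profile add name=r1-r2 hash-algorithm=sha256 enc-algorithm=aes-256 dh-group=modp2048
/ip ipsec proposal add name=r1-r2 auth-algorithms=sha256 enc-algorithms=aes-256-cbc pfs-group=modp2048
/ip ipsec peer add name=r1 address=203.0.113.1/32 exchange-mode=ike2 profile=r1-r2
/ip ipsec identity add peer=r1 auth-method=pre-shared-key secret="REPLACE-WITH-STRONG-PSK"
/ip ipsec policy add peer=r1 tunnel=yes proposal=r1-r2 \
    src-address=10.40.5.0/24 dst-address=10.10.1.0/24 \
    sa-src-address=203.0.113.2 sa-dst-address=203.0.113.1
/ip firewall nat add chain=srcnat ipsec-policy=out,ipsec action=accept \
    comment="bypass NAT for IPsec-protected traffic"
/ip firewall nat add chain=srcnat out-interface=ether1 action=masquerade

# --- R3 ---
# Decrypted packets from R1 arrive with source 10.10.1.x; R3 needs a return
# route toward R2 (static here; a redistributed route from R2 works too).
/ip route add dst-address=10.10.1.0/24 gateway=10.40.0.2

# ===== Option B: dstnat IKE/NAT-T on R2 so the tunnel terminates on R3 =====
# --- R2 ---
# Forward IKE (UDP 500) and NAT-T (UDP 4500, which also carries ESP) from R1 to R3.
/ip firewall nat add chain=dstnat dst-address=203.0.113.2 src-address=203.0.113.1 \
    protocol=udp dst-port=500,4500 action=dst-nat to-addresses=10.40.0.3 \
    comment="forward IKE and NAT-T from R1 to R3"
/ip firewall filter add chain=forward dst-address=10.40.0.3 protocol=udp \
    dst-port=500,4500 connection-nat-state=dstnat action=accept
# --- R1 --- peer address stays R2's WAN (203.0.113.2); policy dst is R3's LAN.
# --- R3 --- peer address is 203.0.113.1; its own SA address is 10.40.0.3:
# /ip ipsec policy add ... sa-src-address=10.40.0.3 sa-dst-address=203.0.113.1
# NAT-T detects the translation on R2 and switches to UDP 4500 encapsulation.

# ===== Checks (run on R1) =====
/ip ipsec active-peers print
/ip ipsec installed-sa print
/ping 10.40.5.1 src-address=10.10.1.1
```

The ping must be sourced from an address inside the policy selector (hence `src-address=10.10.1.1`); a ping from R1's WAN address does not match the policy and is sent in the clear, which is a common reason "the tunnel is up but ping fails". In option A the part that is easy to miss is the last step: R2 can reach 10.40.5.0/24 via OSPF, but R3 also has to route 10.10.1.0/24 back to R2 or the replies never enter the tunnel.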