Hey All,
Recently started a company and decided to integrate some dedicated servers on the web into our network through a site to site VPN - Please see crude diagram:
First problem I encountered and inherited was this organisation is using a combination of Cisco Meraki MX60, MX64 and MX64Ws which suck. These firewalls are interconnected through a mesh VPN network – a connection into one allows them all to connect (from what I understand). I have successfully managed to connect the mesh VPN to the PFSense virtual firewall via an IPSec site to site VPN which is working. Current Rules:
PFSense:
• 500 UDP to Remote Office 1
• 4500 UDP to Remote Office 1
Meraki:
• 500 UDP to PFSense FW
• 4500 UDP to PFSense FW
IPSec Config on PFSense
10.0.0.0/8 -> 172.16.0.0/24 ◄ Inbound ESP, Remote Office 1 -> PFSense FW
172.16.0.0/24 -> 10.0.0.0/8 ► Outbound ESP, PFSense FW -> Remote Office 1
Unfortunately I cannot seem to ping or reach any hosts on either side of the tunnel and I’m unsure of what else I can try – I was hoping you’d be able to give me some pointers, stern words or things to investigate/think about.
There are other site-to-site VPNs connected to this mesh VPN to connect other servers to this network, which appear to have worked without too much issue. I understand this may be a little more tricky than this however.
Would be grateful for any help you can give.
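An added checker, not part of the original post, for the two things most often behind "tunnel up, no traffic" with a policy-based IPsec setup like the one above: the peer's Phase 2 selectors must be the exact mirror image of ours, and the test packet's source/destination must fall inside an SPD entry (a ping sent from the firewall's own WAN address will not). Host and peer-subnet values below are constructed for the illustration.

```python
import ipaddress
from typing import List, Optional, Tuple

def spd(local_net: str, remote_net: str) -> List[Tuple[str, object, object]]:
    """The two SPD entries one Phase 2 produces, as shown in the pfSense status:
    outbound src=local dst=remote, inbound src=remote dst=local."""
    local = ipaddress.ip_network(local_net)
    remote = ipaddress.ip_network(remote_net)
    return [("out", local, remote), ("in", remote, local)]

def policy_for(entries, src: str, dst: str) -> Optional[str]:
    """Direction of the SPD entry that would carry src->dst, or None if the
    packet matches no policy and therefore follows the normal routing table."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for direction, src_net, dst_net in entries:
        if s in src_net and d in dst_net:
            return direction
    return None

def mirrored(local_net: str, remote_net: str,
             peer_local: str, peer_remote: str) -> bool:
    """The peer's local/remote selectors must equal our remote/local exactly;
    a wider or narrower subnet on one side gives an SA the traffic never uses."""
    return (ipaddress.ip_network(peer_local) == ipaddress.ip_network(remote_net)
            and ipaddress.ip_network(peer_remote) == ipaddress.ip_network(local_net))

def diagnose(local_net: str, remote_net: str, peer_local: str, peer_remote: str,
             src: str, dst: str) -> List[str]:
    """Return human-readable findings; an empty list means both checks pass."""
    findings = []
    if not mirrored(local_net, remote_net, peer_local, peer_remote):
        findings.append("peer Phase 2 selectors are not the mirror image of ours")
    if policy_for(spd(local_net, remote_net), src, dst) is None:
        findings.append(f"{src}->{dst} matches no SPD entry; it will not enter the tunnel")
    return findings

if __name__ == "__main__":
    # Selectors from the post; hosts and the mismatched peer subnet are constructed.
    ours = ("172.16.0.0/24", "10.0.0.0/8")
    print(diagnose(*ours, "10.0.0.0/8", "172.16.0.0/24", "172.16.0.10", "10.1.2.3"))
    # Ping sourced from the firewall's WAN address (constructed 203.0.113.5):
    print(diagnose(*ours, "10.0.0.0/8", "172.16.0.0/24", "203.0.113.5", "10.1.2.3"))
    # Peer configured with a /16 instead of our /24 (constructed mismatch):
    print(diagnose(*ours, "10.0.0.0/8", "172.16.0.0/16", "172.16.0.10", "10.1.2.3"))
```

When testing from the pfSense GUI ping tool, pick a LAN-side source address so the probe lands inside the outbound selector; the same applies to any host used as the ping source on the Meraki side.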