Hello is this config ok?
1
src-address=192.168.7.0/24 src-port=any dst-address=192.168.10.0/24 dst-port=any protocol=all action=encrypt
level=unique ipsec-protocols=esp tunnel=yes sa-src-address=x.x.x.x sa-dst-address=y.y.y.y
proposal=proposal1 priority=0
2
src-address=192.168.7.0/24 src-port=any dst-address=192.168.11.0/24 dst-port=any protocol=all action=encrypt
level=unique ipsec-protocols=esp tunnel=yes sa-src-address=x.x.x.x sa-dst-address=y.y.y.y
proposal=proposal1 priority=0
3
src-address=192.168.7.0/24 src-port=any dst-address=192.168.12.0/24 dst-port=any protocol=all action=encrypt
level=unique ipsec-protocols=esp tunnel=yes sa-src-address=x.x.x.x sa-dst-address=y.y.y.y
my side 192.168.7.0/24
client side: 192.168.10.0/24 (this one works)
192.168.11.0/24
192.168.12.0/24
Re: ipsec three subnet
At least policy configuration looks ok.
Re: ipsec three subnet
Ok, thanks. So independently what kind of router is on other side that should work?
The rest of config (nat, route)
NAT
chain=srcnat action=accept src-address=192.168.7.0/24 dst-address=192.168.10.0/24 log=no log-prefix=""
chain=srcnat action=accept src-address=192.168.7.0/24 dst-address=192.168.11.0/24 log=no log-prefix=""
chain=srcnat action=accept src-address=192.168.7.0/24 dst-address=192.168.12.0/24 log=no log-prefix=""
ROUTE
dst address pref source gateway
192.168.10.0/24 192.168.7.250 WAN1 19
192.168.11.0/24 192.168.7.250 WAN1 19
192.168.12.0/24 192.168.7.250 WAN1 19
The rest of config (nat, route)
NAT
chain=srcnat action=accept src-address=192.168.7.0/24 dst-address=192.168.10.0/24 log=no log-prefix=""
chain=srcnat action=accept src-address=192.168.7.0/24 dst-address=192.168.11.0/24 log=no log-prefix=""
chain=srcnat action=accept src-address=192.168.7.0/24 dst-address=192.168.12.0/24 log=no log-prefix=""
ROUTE
dst address pref source gateway
192.168.10.0/24 192.168.7.250 WAN1 19
192.168.11.0/24 192.168.7.250 WAN1 19
192.168.12.0/24 192.168.7.250 WAN1 19