Yes, it's a nightmare...!
Do you have a solution after more than 13 years?
We do have an IPsec tunnel between Site A and Site B with 11 networks at Site A and 7 networks at Site B.
The UTM at Site A therefore builds a tunnel with 77 SAs (11 x 7) - every local network can connect to every remote network.
Site B is using Watchguard and they don't want us to be able to access every network. They can configure their tunnel like...
Remote network A1 can access / be accessed by local network B1, B3
Remote network A2 can access / be accessed by local network B1, B2
They don't have 77 SAs and I see errors in the dashboard because of SAs with no connection.
For me, it would be the best to establish one tunnel between a kind of transfer network with routing and firewall rules on both sites.
Christian, wouldn't the easiest be to have different tunnels for A1<-->B1,B3 and A2<-->B1,B2? It seems like that would be clearer for others to follow.
Cheers - Bob
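To make the SA mismatch in Christian's post and Bob's split-tunnel suggestion concrete, here is an added example (not from the thread or from either vendor) that lists which selector pairs a full-mesh policy-based tunnel proposes but the peer's per-network policy never accepts. The subnets are constructed placeholders, and only three networks per site are modelled instead of 11 and 7; the peer policy is the A1/A2 mapping quoted above.

```python
from ipaddress import ip_network
from itertools import product

# Constructed sample subnets standing in for the Site A / Site B networks
# (the real addresses are not in the thread). Three per site are enough
# to show the effect; the logic is identical for the full 11 x 7 set.
SITE_A = {
    "A1": ip_network("10.1.1.0/24"),
    "A2": ip_network("10.1.2.0/24"),
    "A3": ip_network("10.1.3.0/24"),
}
SITE_B = {
    "B1": ip_network("10.2.1.0/24"),
    "B2": ip_network("10.2.2.0/24"),
    "B3": ip_network("10.2.3.0/24"),
}

# Watchguard-side policy as described in the thread: each remote (Site A)
# network is paired only with the listed local (Site B) networks.
PEER_POLICY = {
    "A1": {"B1", "B3"},
    "A2": {"B1", "B2"},
}


def full_mesh(local: dict, remote: dict) -> set:
    """SA pairs one policy-based tunnel with every network on both sides
    produces: each local subnet x each remote subnet."""
    return set(product(local, remote))


def peer_mesh(policy: dict) -> set:
    """SA pairs the peer will actually negotiate, from its per-network policy."""
    return {(a, b) for a, bs in policy.items() for b in bs}


def orphan_sas(local: dict, remote: dict, policy: dict) -> list:
    """Selector pairs the UTM proposes that have no counterpart on the peer.
    These never come up (the dashboard errors) and are the pairs to drop,
    or to move into separate tunnels as Bob suggests, so the UTM only
    proposes what the peer intends to allow."""
    return sorted(full_mesh(local, remote) - peer_mesh(policy))


def as_selectors(pairs, local: dict, remote: dict) -> list:
    """Render pairs as 'local_subnet <-> remote_subnet' for a change request."""
    return [f"{local[a]} <-> {remote[b]}" for a, b in pairs]


if __name__ == "__main__":
    dead = orphan_sas(SITE_A, SITE_B, PEER_POLICY)
    print(f"{len(full_mesh(SITE_A, SITE_B))} SAs proposed, {len(dead)} without peer policy:")
    for line in as_selectors(dead, SITE_A, SITE_B):
        print("  ", line)
```

The orphan list doubles as a review of what the full mesh would expose beyond the peer's intent, which is the reason to trim selectors on the UTM side rather than just silence the errors.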