I am attempting to link an AWS VPC to a datacenter using the community VyOS AMI and IPSec tunneling, talking to a SonicWall device that I don't control. I've been given the proper settings to establish a tunnel, but I need to pass traffic to two CIDR blocks through it, as below:
10.54.0.0/16 >> 10.64.0.0/10 and 10.64.0.0/9
I have traffic working through the tunnel to 10.64.0.0/10, but need to route to the other block as well. Can I do this with one tunnel?
EDIT: Here is the relevant config info, scrubbed for security:
esp-group espGroup1 {
compression disable
lifetime 28800
mode tunnel
pfs enable
proposal 1 {
encryption aes128
hash sha1
}
}
ike-group ikeGroup1 {
key-exchange ikev1
lifetime 28800
proposal 1 {
dh-group 2
encryption aes128
hash sha1
}
}
site-to-site {
peer <IP> {
authentication {
id <local IP>
mode pre-shared-secret
pre-shared-secret X
}
connection-type initiate
default-esp-group espGroup1
description "Tunnel"
ike-group ikeGroup1
local-address 10.54.0.5
tunnel 1 {
allow-nat-networks disable
allow-public-networks disable
local {
prefix 10.54.0.0/16
}
remote {
prefix 10.64.0.0/10
}
}
tunnel 2 {
allow-nat-networks disable
allow-public-networks disable
local {
prefix 10.54.0.0/16
}
remote {
prefix 10.128.0.0/9
}
}
}
}
