15.26. How can I route multiple subnets over a site to site IPsec VPN?

There are two ways to accomplish this. Which is more suitable depends on whether you can summarize the subnets and on how many subnets are involved. In either case, the subnets do not need to be directly connected to SmallWall; they can be behind a router on the LAN behind SmallWall. In that case, you'll need to set up static routes on SmallWall's LAN interface pointing to the LAN router for each of the subnets in question. You can also summarize the subnets in static routes.

15.26.1. Summarizing the subnets using a larger mask

If you are using, for example, at one site, and the other site uses,,, and, you can summarize the 10.x.x.x site with includes

15.26.2. Setting up multiple IPsec connections

You can set up one IPsec connection for each subnet you want to connect to on the remote side. If you have a large number of subnets on the remote side, it is recommended that you number them so they can be easily summarized, so that you don't have to set up a large number of connections.
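
An added example (not part of the SmallWall documentation) to help choose between the two approaches above: it computes the smallest mask that covers a set of remote subnets and lists the address space the summary would also match on the tunnel beyond the subnets you meant to include. The sample addresses, the function names and the local-LAN overlap check are assumptions made for illustration.

```python
import ipaddress

def covering_supernet(subnets):
    """Smallest single CIDR block that contains every listed IPv4 subnet."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    candidate = nets[0]
    # Widen the mask one bit at a time until every subnet fits (/0 always does).
    while not all(n.subnet_of(candidate) for n in nets):
        candidate = candidate.supernet()
    return candidate

def extra_ranges(subnets, supernet):
    """Blocks inside the supernet that none of the listed subnets actually uses."""
    remaining = [supernet]
    # collapse_addresses merges duplicates and adjacent blocks, so the nets are disjoint.
    for net in ipaddress.collapse_addresses(ipaddress.ip_network(s) for s in subnets):
        nxt = []
        for block in remaining:
            if net.subnet_of(block):
                nxt.extend(block.address_exclude(net))  # yields nothing if equal
            else:
                nxt.append(block)
        remaining = nxt
    return sorted(remaining)

def plan(remote_subnets, local_subnet):
    """Compare one summarized tunnel against one tunnel per remote subnet."""
    supernet = covering_supernet(remote_subnets)
    extra = extra_ranges(remote_subnets, supernet)
    return {
        "summary": str(supernet),
        "extra": [str(b) for b in extra],
        "extra_addresses": sum(b.num_addresses for b in extra),
        # A summary that swallows the local LAN cannot be used as the remote network.
        "overlaps_local": supernet.overlaps(ipaddress.ip_network(local_subnet)),
        "tunnels_if_not_summarized": len(remote_subnets),
    }

if __name__ == "__main__":
    # Constructed sample addressing, not taken from the page.
    local = "192.168.1.0/24"
    for remote in (
        ["10.0.0.0/24", "10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"],  # aligned
        ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"],                 # one gap
        ["10.0.1.0/24", "10.200.0.0/24"],                              # scattered
    ):
        print(remote, "->", plan(remote, local))
```

A non-empty `extra` list means the summarized tunnel definition also matches address space you did not list; when that space is large or in use elsewhere, separate connections per subnet keep the tunnel scoped to what you intend.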