NAT whole network to IPsec
Hello Everyone, I'm currently working on a project to migrate existing Mikrotik based network to pfSense. It worked almost perfectly except IPsec tunnels.
I managed to connect all PH1 and PH2 but I can see it's working in a different way in pfSense.
So I have IPsec IKEv1 tunnel with following settings:
our remote/virtual network inside tunnel: 192.168.50.0/30
customer's remote network: 195.182.52.136/32
I would like to provide access to the customer's network from all my LAN clients, for example 10.131.0.0/16
That's how PH2 worked in Mikrotik:
and then simple src-nat worked to NAT anyone trying to connect to this tunnel
Is there any other way than multiple PH2 to get similar functionality?
That's how I have it currently configured with PH2 in pfSense but the problem is if I add more than 4 PH2 entries only 4 of them are working and if I force connect them from status > ipsec it disconnects some other ones.
I know I could choose overload NAT to NAT whole network to single IP but it would require change in tunnel configuration and it's not a simple thing with our customers.
Another issue I have is related to services inside this tunnel: after switching to pfSense I get the following errors in SQL and RDP, which worked perfectly on Mikrotik:
I hope someone in this community had similar issues, let me know if you need any additional information. Thanks!