PFSENSE + IPSEC + NAT
-
We have a network with different subnets:
10.0.0.0/23 Main
10.0.2.0/25 Subnet
10.0.3.0/24 Subnet
10.0.4.0/27 Subnet
10.0.5.0/26 Subnet
10.0.X.0/24 Subnet

We also have an IPSEC connection to provide mutual services (WEB and DNS) of which I have no control at the other end. The services of both have the 172.19.0.0/24 network as their origin and destination.
In the PFSENSE (in high availability) I have a VIRTUAL IP 172.19.0.1 which is the gateway for the IPSEC tunnel.
Currently I have the IPSEC tunnel working correctly, but I have a router with addresses 172.19.0.5 and 10.0.0.5 doing NAT from networks 10.0.0.0 to network 172.19.0.0/24 to be able to send the traffic through the IPSEC tunnel (access to networks 172.19.10.0/24, 172.19.11.0/24, ...).

I have done numerous tests to try to NAT the traffic from networks 10.0.X.0 to 172.19.0.1 and thus send it through the IPSEC tunnel, but I can't. The tests carried out are:
- Configure Outbound NAT to the IPSec interface
- Configure Outbound NAT to the network interface 172.19.0.1 (CARP IP)
- Configure Outbound NAT to the network interface 172.19.0.2 (IP PFSense)
- Create another Virtual IP and use it for Outbound NAT.
Thanks for the help.
-
I have also posted this problem in the NAT section with more information to see if someone can help me.
Thank you