Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Port forward + Source NAT + IPSec VTI

    Scheduled Pinned Locked Moved
    NAT
    2
    4
    240
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      DirectRaw
      last edited by

      Hello guys! Can I implement next schema:
      5a079df8-e6a0-4e01-8a70-e2c916d302a4-изображение.png
      I need to reach 192.168.5.1 from 10.0.10.20.0/23, but mask the ip as 172.19.0.1.
      And I can't do anything with R1.
      All routes correct.
      I'm able to ping 192.168.5.1 from pfSense1.
      I see correct packets in VTI on pfSense1 but I can't see them on pfSense2:
      7e028df2-eabb-426f-aedf-090e93a4b858-изображение.png

      1 Reply Last reply Reply Quote 0
      • D
        dylanc23 Netgate
        last edited by

        It's probably routing through the VIP interface instead of through the VTI

        On which interface are you seeing those packets? On the VTI or on the one where you have your VIPs (Guessing its WAN)?

        D 1 Reply Last reply Reply Quote 0
        • D
          DirectRaw @dylanc23
          last edited by

          @dmendez-netgate hello! Captured from VTI. Actually I did this task by using tunnel mode instead VTI. But it's still interesting why it doesn't work through VTI...

          D 1 Reply Last reply Reply Quote 0
          • D
            dylanc23 Netgate @DirectRaw
            last edited by

            @DirectRaw If that packet capture was on the VTI, it means your routes on pfSense1 are correct.

            What about pfSense2? Do you have a route to send traffic to destination 172.19.0.1 through the VTI?

            1 Reply Last reply Reply Quote 0
            • First post
              Last post