Problem with NATed IPSec and CARP
Hi everyone,
I have a problem with an IPSec tunnel. On the local side I have the 192.168.40.16/29 network, on the remote side 192.168.40.24/29 in Phase 2.
I tried both modes (Tunnel and VTI - Routed), but in tunnel mode I can't reach servers from the remote side (sNAT is not working with Tunnel mode), because 192.168.40.16/29 is only a fake network and I NATed traffic between 192.168.148.248/29 and 192.168.40.16/29 to 192.168.40.24/29. It works, but only with this subnet 192.168.148.248/29, not from my other LAN and VPN subnets. My LAN networks are:
192.168.138.0/24 - VPN Network
192.168.139.0/24 - VPN Network
192.168.148.0/24 - LAN
192.168.158.0/24 - VLAN2
10.0.2.0/24 - VLAN3

I configured IPSec in VTI - Routed mode, configured routing, NAT and FW rules, and it works on the master node, but if the master is not available, the backup node has a connected IPSec tunnel and sNAT from my network to the remote side does not respond; the remote side can't see my servers (dNAT won't work either).
Does anyone have the same problem?
I don't have any idea where the main problem is.