• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

NAT from LAN to machines on far side of IPSec link

Scheduled Pinned Locked Moved NAT
1 Posts 1 Posters 356 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • C
    cmj
    last edited by Jan 10, 2018, 11:47 AM

    Hello

    I have an IPSec link to another site, and want to access machines on the far side of that from the LAN here.

    This is the setup..

    • the firewall LAN address is 192.168.3.11 (/24)
    • The IPSec tunnel  has a local subnet 192.168.40.0/24, remote subnet 192.168.240.0/24

    I have added an "IP Alias" to the LAN of 192.168.40.11/32, and created a Gateway to 192.168.240.0/24 via 192.168.40.11

    If I login to the firewall itself, I can ping machines on the 192.168.240.0 network.

    Now, I want to be able to access them from the LAN too. I think for this I need an Outgoing NAT, so I tried to add an Outgoing NAT

    • source 192.168.3.0/24, destination 192.168.240.0/24, translation address 192.168.40.11

    However, I still can't access them.

    Can anyone suggest a way of doing what I want? The stuff on the other end of the IPSec link is pretty much out of my control.

    Thanks,

    Chris

    1 Reply Last reply Reply Quote 0
    1 out of 1
    • First post
      1/1
      Last post
    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
      This community forum collects and processes your personal information.
      consent.not_received