IPSec with subnet natting
-
Hi all,
for one of our customers we should set up a new IPSec VPN tunnel.
The goal is simple, but the configuration looks a bit confusing.

Our subnet: 10.124.29.0/24
Remote subnet: 10.240.0.0/12

Till here, no problems.
But the customer site has a policy that they cannot route a 10.124.29.0/24. They have to use a /24 in the 10.150.0.0/16 set.
So we have been assigned 10.150.33.0/24.

PhaseII our side:
our subnet: 10.150.33.0/24
remote subnet: 10.240.0.0/12

PhaseII cust side:
our subnet: 10.240.0.0/12
remote subnet: 10.150.33.0/24

We should manage to NAT the whole subnet from 10.150.33.0/24 to 10.124.29.0/24.
Is this possible? How can this be done?
Use the Virtual IP option? And do a 1:1 and outbound NAT?

Attached: Visio PDF to clear things up.
Regards,
Dieter
-
Maybe this can be done with virtual IPs and manual outbound NAT.
-
Lack of NAT before IPsec is one of the known limitations of pfSense …
Check the 2009 discussion here: http://freebsd.1045724.n5.nabble.com/IPSec-nat-on-enc-device-td4023490.html
-
:P Of course I forgot this... then you must have two devices (one doing NAT and another doing VPN) or think of another solution.
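
Added example, not part of the thread and not pfSense code: a small Python model of the 1:1 subnet mapping asked about in the first post, using the subnets given there. It shows why the translation has to happen before the Phase 2 selectors are matched: a packet still carrying its 10.124.29.x source does not match the negotiated selectors. The function names are hypothetical.

```python
import ipaddress

# Subnets taken from the thread.
LOCAL_REAL = ipaddress.ip_network("10.124.29.0/24")   # real LAN
LOCAL_NAT = ipaddress.ip_network("10.150.33.0/24")    # range assigned by the customer
REMOTE = ipaddress.ip_network("10.240.0.0/12")        # customer side


def translate(addr, src_net, dst_net):
    """1:1 mapping: keep the host bits, swap the network prefix."""
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 NAT needs equal prefix lengths")
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        raise ValueError(f"{addr} is not inside {src_net}")
    offset = int(ip) - int(src_net.network_address)
    return str(dst_net.network_address + offset)


def matches_phase2(src, dst, local_sel=LOCAL_NAT, remote_sel=REMOTE):
    """True if (src, dst) falls inside the Phase 2 selectors on our side."""
    return (ipaddress.ip_address(src) in local_sel
            and ipaddress.ip_address(dst) in remote_sel)


def outbound(src, dst):
    """Packet leaving our LAN: translate first, then test the selectors."""
    nat_src = translate(src, LOCAL_REAL, LOCAL_NAT)
    return nat_src, matches_phase2(nat_src, dst)


def inbound(src, dst):
    """Decapsulated packet from the customer: restore the real LAN address."""
    if not matches_phase2(dst, src):
        raise ValueError("packet is outside the Phase 2 selectors")
    return translate(dst, LOCAL_NAT, LOCAL_REAL)


if __name__ == "__main__":
    # Constructed sample addresses.
    print(matches_phase2("10.124.29.17", "10.241.5.9"))  # untranslated source
    print(outbound("10.124.29.17", "10.241.5.9"))        # translated source
    print(inbound("10.250.1.1", "10.150.33.200"))        # reply direction
```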