IPSEC behind NAT
I have some problems and no clues on how to solve them.
One of our remote sites is using a wireless ISP; he installed an antenna and put our firewall in its "DMZ".
I'm still receiving a private IP behind the antenna, but all traffic is forwarded to my firewall.
Then I configured IPsec. The tunnel goes up, but I'm having some problems passing traffic through it.
After some research, I concluded it's related to stateful traffic.
Ping is going through, but not some shared folders, HTTP, etc. When I check the firewall logs, it's blocking some TCP:RA, etc., so I think the setup is screwing up the traffic.
Is there something to fix for this kind of setup?
I had some problems with another customer and disabling NAT-T did the trick (it was on a FortiGate). I think somehow the pfSense is detecting NAT, but since I'm in the DMZ there is no need for it, but I can't disable it.
I'm still receiving a private IP behind the antenna… I think somehow the pfSense is detecting NAT, but since I'm in the DMZ there is no need for it, but I can't disable it.
Being in the DMZ doesn't remove NAT unless your DMZ has public IP addressing (i.e. dual firewalls). Depending on your firewall, putting a node in the DMZ either forwards all ports from the public IP to that internal address…or does nothing besides put it in a separate, (typically) more restricted private network.
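Why the endpoint still detects NAT in this setup, as an added example that is not part of the thread: a sketch of the IKEv2 NAT detection comparison (RFC 7296, section 2.23; IKEv1 NAT-D in RFC 3947 works the same way with cookies instead of SPIs). The SPIs and addresses are constructed; 192.168.1.2 as the firewall's WAN address and 203.0.113.10 as the antenna's public address are assumptions.

```python
import hashlib
import ipaddress
import struct

def nat_d_hash(spi_i: bytes, spi_r: bytes, ip: str, port: int) -> bytes:
    """Data of a NAT_DETECTION_*_IP notify: SHA-1(SPIi | SPIr | IP | port)."""
    addr = ipaddress.ip_address(ip).packed            # 4 bytes for IPv4, 16 for IPv6
    return hashlib.sha1(spi_i + spi_r + addr + struct.pack("!H", port)).digest()

def nat_detected(spi_i: bytes, spi_r: bytes, claimed_src, observed_src) -> bool:
    """Responder-side check.

    claimed_src  = (ip, port) the initiator hashed, i.e. its own interface address
    observed_src = (ip, port) the packet actually arrived from
    A mismatch means something rewrote the source on the path, so both peers
    switch to UDP encapsulation on port 4500 (NAT-T).
    """
    sent = nat_d_hash(spi_i, spi_r, *claimed_src)
    seen = nat_d_hash(spi_i, spi_r, *observed_src)
    return sent != seen

# Constructed sample values (not taken from the thread).
SPI_I = bytes.fromhex("0011223344556677")
SPI_R = bytes(8)                                      # responder SPI is zero in the first request

# Firewall in the antenna's "DMZ": it holds a private address and the antenna
# translates it, even though every port is forwarded and the port is unchanged.
dmz_case = nat_detected(SPI_I, SPI_R, ("192.168.1.2", 500), ("203.0.113.10", 500))

# Firewall holding the public address itself (bridged or routed public IP).
public_case = nat_detected(SPI_I, SPI_R, ("203.0.113.10", 500), ("203.0.113.10", 500))

if __name__ == "__main__":
    print("DMZ with private WAN address -> NAT detected:", dmz_case)
    print("Public address on the WAN    -> NAT detected:", public_case)
```

The hash covers the address as well as the port, so a full port forward does not hide the translation from the peer.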
According to the WISP, it's his preferred alternative instead of the bridge mode, which gave him some problems.
I'm still trying to solve this.
I tried an OpenVPN tunnel, same thing.