Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPSEC behind NAT

    Scheduled Pinned Locked Moved IPsec
    3 Posts 2 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jlevesque
      last edited by

      Hi,

      I have some problems and no clues on how to solve them

      One of our remote sites is using a Wireless ISP, he installed an antenna, and put our firewall in it's "DMZ"

      I'm still receiving a private IP behind the antenna, put all traffic is FW to my firewall.

      Then i configure ipsec, tunnel goes up, but i'm having some problems passing traffic into it.

      After some research, i concluded it's related to stateful traffic.

      Ping is going through, but not some shared folder, http, etc. when i check the firewall logs, it's blocking some tcp:ra, etc. so i think the setup is screwing the traffic.

      is there something to fix for those kind of setup?
      I had some problems with another customer and disabling NAT-T did the trick (was on a fortigate) i think somehow the pfsense is detecting NAT but since i'm in the dmz there is no need for it but i can't disable it.

      thanks!

      1 Reply Last reply Reply Quote 0
      • J
        jjj
        last edited by

        @jlevesque:

        I'm still receiving a private IP behind the antenna…. i think somehow the pfsense is detecting NAT but since i'm in the dmz there is no need for it but i can't disable it.

        Being in the DMZ doesn't remove NAT unless your DMZ has public IP addressing (i.e. dual firewalls). Depending on your firewall, putting a node in the DMZ either forwards all ports from the public IP to that internal address…or does nothing besides put it in a separate, (typically) more restricted private network.

        1 Reply Last reply Reply Quote 0
        • J
          jlevesque
          last edited by

          according to the WISP, it's is prefered alternative instead of the bridge mode, which gave i'm some problems

          I'm still trying to solve this

          I tried openvpn tunnel, same thing.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.