IPSEC behind NAT



  • Hi,

    I have some problems and no clues on how to solve them

One of our remote sites is using a Wireless ISP. He installed an antenna and put our firewall in its "DMZ".

    I'm still receiving a private IP behind the antenna, but all traffic is forwarded to my firewall.

    Then I configured IPsec; the tunnel comes up, but I'm having some problems passing traffic through it.

After some research, I concluded it's related to stateful traffic.

    Ping is going through, but shared folders, HTTP, etc. are not. When I check the firewall logs, it's blocking some TCP:RA, etc., so I think the setup is mangling the traffic.

    Is there something to fix for this kind of setup?
    I had some problems with another customer and disabling NAT-T did the trick (that was on a Fortigate). I think somehow the pfSense is detecting NAT, but since I'm in the DMZ there is no need for it, and I can't disable it.

Thanks!
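As an added example (not part of this thread), a small Python script that scans pfSense filterlog entries for blocked TCP packets carrying no SYN, which is what the "TCP:RA" blocks mentioned above are: segments of a session the firewall holds no state for, typically caused by asymmetric paths or a NAT-related mismatch rather than by a deliberate rule. The log lines, interface names and addresses are constructed; the field positions assume pfSense's documented filterlog CSV layout.

```python
# Added example, not from the thread: find blocked TCP segments in pfSense
# filterlog output that belong to an existing session (no SYN flag), i.e.
# packets the firewall dropped for lack of state rather than by policy.
# Field positions assume the documented pfSense filterlog CSV format
# (rule,sub-rule,anchor,tracker,iface,reason,action,dir,ipver,... ,
#  proto-text at index 16, src 18, dst 19, sport 20, dport 21, tcp-flags 23).
import re
from collections import Counter

# Constructed sample log lines; interfaces and addresses are made up.
SAMPLE_LOG = """\
Jan 12 10:00:01 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,1,0,DF,6,tcp,52,10.20.0.15,192.168.50.8,445,50123,0,RA,1,1,0,,
Jan 12 10:00:01 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,2,0,DF,6,tcp,52,10.20.0.15,192.168.50.8,80,50124,0,PA,1,1,0,,
Jan 12 10:00:02 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,64,3,0,DF,6,tcp,60,10.20.0.15,192.168.50.8,22,50125,0,S,1,0,0,,
Jan 12 10:00:03 fw filterlog: 7,,,1000000110,ipsec0,match,pass,in,4,0x0,,64,4,0,DF,1,icmp,84,10.20.0.15,192.168.50.8,request,1,1
"""

LINE_RE = re.compile(r"filterlog(?:\[\d+\])?: (.*)$")

def parse_line(line):
    """Return a dict for one IPv4 TCP filterlog line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    f = m.group(1).split(",")
    if len(f) < 24 or f[8] != "4" or f[16] != "tcp":
        return None
    return {"iface": f[4], "action": f[6], "direction": f[7],
            "src": f[18], "dst": f[19], "sport": f[20],
            "dport": f[21], "flags": f[23]}

def out_of_state_blocks(log_text):
    """Count blocked TCP segments without SYN, keyed by (iface, src, dst, dport).

    A blocked segment whose flags are only RA, PA or FA is mid-session traffic
    the firewall has no state entry for; a blocked S (SYN) is a normal policy
    block and is deliberately not counted here."""
    counts = Counter()
    for line in log_text.splitlines():
        p = parse_line(line)
        if p and p["action"] == "block" and "S" not in p["flags"]:
            counts[(p["iface"], p["src"], p["dst"], p["dport"])] += 1
    return counts

if __name__ == "__main__":
    for flow, n in out_of_state_blocks(SAMPLE_LOG).items():
        print(f"{n} out-of-state block(s) for {flow}")
```

Feed it `clog /var/log/filter.log` output (or the exported log) from the pfSense box; flows that show up repeatedly with replies from port 445 or 80 are the ones the text above describes.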



  • @jlevesque:

I'm still receiving a private IP behind the antenna… I think somehow the pfSense is detecting NAT, but since I'm in the DMZ there is no need for it, and I can't disable it.

    Being in the DMZ doesn't remove NAT unless your DMZ has public IP addressing (i.e. dual firewalls). Depending on your firewall, putting a node in the DMZ either forwards all ports from the public IP to that internal address…or does nothing besides put it in a separate, (typically) more restricted private network.



According to the WISP, it's the preferred alternative to bridge mode, which gave me some problems.

    I'm still trying to solve this.

    I tried an OpenVPN tunnel, same thing.

