Netgate Discussion Forum

    Virtual ip not accessible by ipsec

    IPsec
      PDJ

      I'm using pfSense version 2.3.2.
      My setup: I have 3 internal (LAN) networks and an IPsec (road warrior) setup ending in LAN2. From that tunnel I want to access only 1 device from LAN3 (I don't want to add a phase 2 to the complete network), so I set up a virtual IP (IP alias) in LAN2 with a 1:1 NAT to that device. Internally it works fine, but from the IPsec client the virtual IP (IP alias) is not accessible.

      LAN 2 has a subnet of 192.168.4.0/24
      LAN 3 has a subnet of 192.168.11.0/24

      Device on LAN 3 has IP 192.168.11.1

      Virtual IP:
      IP Alias - Interface: LAN 2 - Address: 192.168.4.23/24

      IPSec Phase 2: Local network: 192.168.4.0/24

      Firewall:
      LAN 1 has full access to LAN 2 and LAN3
      LAN 2 has full access to LAN 3

      Test from LAN 1: accessing IP 192.168.4.23 ends up at 192.168.11.1 (NAT), so that works fine.
      Test from the IPsec client: IP 192.168.4.23 ends up nowhere, not accessible; all other devices on 192.168.4.0/24 are accessible.
