1. Home
  2. pfSense® Software
  3. IPsec
  4. Static to dynamic behind router and pfsense has class C

Static to dynamic behind router and pfsense has class C

  • H

    I have been messing with this for months trying to get it to work.  IPSEC tunnel between parent office with static ip.  Remote is a residential high speed router with changing external IP, and PFsense is behind this router.  The pfsense behind this router gets a class c interal ip (192.168.x.x).  The tunnel attempts to start but i see it blocking the class C ip on the PFsense firewall at the parent office (port 500 with the internal ip of the pfsense at the remote office).  I am so burned out on trying to figure this out i finally gave up and wanted to ask the forumns here. Any ideas?  I also thank you in advance.

    Parent office STATIC IP >>>>>>>>>internet>>>>>>>>>Provider router with changing external IP>>>>>>NAT to class C via provider router>>>>>>PFsense wan class c>>>>PFsense remote internal network

    the tunnel needs to do this

    Parent office internal network >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>PFsense remote internal network

    0
  • H

    I have been searching an searching the posts.  I will rephrase and ask this question. I also thank anyone that will reply and give me some kind of hint.

    Can you connect via ipsec tunnel this setup

    main site- pfsense has external ip address normal tunnel setup. Behind this is 2 class c ip address ranges connected to a 3550xl cicso with routing turned on. The internal side of the pfsense is on a separate class c that is also connected to the 3550xl.  The tunnel or tunnels need to route traffic from the 2 class c networks on the 3550xl through to the other side of the tunnel.

    remote site-pfsense is behind a provider router(minimal changes can be done to this router), this router also has forced NAT. The pfsense has a class c wan address(192.168).  It also has class c interall addresses.  The internal flat network needs to connect to the other networks at the main site via the tunnel(s).

    I have static routes on the main site pfsense so the 2 class c internal networks can reach the internet. The remote site works normally with the normal settings, however i cannot get the tunnel to connect.  I have done a test setup with 2 external ip addresses with the same hardware and the tunnel works.

    Can you tell me if it is possible to setup a tunnel at a remote site that is behind a router with NAT and the remote site pfsense has a class c wan address?

    Here is an error from the logs from the main site.

    1 10. 009466 rule 33/0(match): block in on fxp1: (tos 0x0, ttl 64, id 11377, offset 0, flags [none], proto: UDP (17), length: 320) 192.1xxx.xxx.xxx > xxx.xxx.xxx.xxx: [|isakmp]

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy