Static to dynamic behind router and pfsense has class C



  • I have been messing with this for months trying to get it to work.  IPsec tunnel between parent office with static IP.  Remote is a residential high speed router with changing external IP, and pfSense is behind this router.  The pfSense behind this router gets a class C internal IP (192.168.x.x).  The tunnel attempts to start but I see it blocking the class C IP on the pfSense firewall at the parent office (port 500 with the internal IP of the pfSense at the remote office).  I am so burned out on trying to figure this out I finally gave up and wanted to ask the forums here. Any ideas?  I also thank you in advance.

    Parent office STATIC IP >>>>>>>>>internet>>>>>>>>>Provider router with changing external IP>>>>>>NAT to class C via provider router>>>>>>PFsense wan class c>>>>PFsense remote internal network

    the tunnel needs to do this

    Parent office internal network >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>PFsense remote internal network



  • I have been searching and searching the posts.  I will rephrase and ask this question. I also thank anyone that will reply and give me some kind of hint.

    Can you connect via IPsec tunnel with this setup?

    Main site: pfSense has an external IP address, normal tunnel setup. Behind this are 2 class C IP address ranges connected to a Cisco 3550XL with routing turned on. The internal side of the pfSense is on a separate class C that is also connected to the 3550XL.  The tunnel or tunnels need to route traffic from the 2 class C networks on the 3550XL through to the other side of the tunnel.

    Remote site: pfSense is behind a provider router (minimal changes can be done to this router); this router also has forced NAT. The pfSense has a class C WAN address (192.168).  It also has class C internal addresses.  The internal flat network needs to connect to the other networks at the main site via the tunnel(s).

    I have static routes on the main site pfSense so the 2 class C internal networks can reach the internet. The remote site works normally with the normal settings, however I cannot get the tunnel to connect.  I have done a test setup with 2 external IP addresses with the same hardware and the tunnel works.

    Can you tell me if it is possible to set up a tunnel at a remote site that is behind a router with NAT when the remote site pfSense has a class C WAN address?

    Here is an error from the logs from the main site.

    1 10. 009466 rule 33/0(match): block in on fxp1: (tos 0x0, ttl 64, id 11377, offset 0, flags [none], proto: UDP (17), length: 320) 192.1xxx.xxx.xxx > xxx.xxx.xxx.xxx: [|isakmp]
