Netgate Discussion Forum

    Routing public ip address through site to site vpn and then out to internet

    • frog

      Hi, Apologies if this is posted in the wrong section.

      We have 2 SG2440 with an IPSEC site to site vpn.  We have a public website which allows logins from only the public ip address at site A. We want to be able to access that website from site B, but routing through the vpn and then out as if coming from the ip address of site A.

      We have done this for remote access users by specifying the website's ip address in the IPv4 local networks in the tunnel setting for openvpn.

      Any help greatly appreciated.

      Thanks
      Chris

      • Derelict LAYER 8 Netgate

        You should be able to do that by creating a phase 2 ESP tunnel with the local LAN and the web site IP address as the two sides.

        You will need to be sure outbound NAT is in place for the source network side on the interface(s) used to access the internet.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        • frog

          @Derelict:

          You should be able to do that by creating a phase 2 ESP tunnel with the local LAN and the web site IP address as the two sides.

          You will need to be sure outbound NAT is in place for the source network side on the interface(s) used to access the internet.

          Thanks I'll give it a go.

          Cheers
          Chris

          • frog

            @Derelict:

            You should be able to do that by creating a phase 2 ESP tunnel with the local LAN and the web site IP address as the two sides.

            You will need to be sure outbound NAT is in place for the source network side on the interface(s) used to access the internet.

            I've created a 2nd phase 2 entry at the remote site (B), same as the remote subnet but instead specifying the remote public ip address of the website/32, applied and dropped the vpn.  Tunnel comes up but does not route traffic, as the webpage should display a login, but instead shows page is not available.
            Do I need to do anything at the remote site (A)?
            Any ideas?

            • Derelict LAYER 8 Netgate

              Well, you need the reciprocal phase 2 entry.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)
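
The two points from the replies above (a reciprocal phase 2 entry on each firewall, and outbound NAT at site A covering the site B source network) can be checked offline. This is an added example, not part of the original thread or any Netgate tooling; the addresses, the tuple model of a phase 2 entry and the function names are assumptions made for illustration.

```python
from ipaddress import ip_network

# Constructed sample values: RFC 1918 LANs and an RFC 5737 documentation address.
A_LAN, B_LAN, WEBSITE = "10.1.0.0/24", "10.2.0.0/24", "203.0.113.10/32"

# Phase 2 entries modelled as (local network, remote network), per firewall.
SITE_B_P2 = [(B_LAN, A_LAN), (B_LAN, WEBSITE)]          # second entry added at B
SITE_A_P2_BEFORE = [(A_LAN, B_LAN)]                     # site A left unchanged
SITE_A_P2_AFTER = [(A_LAN, B_LAN), (WEBSITE, B_LAN)]    # reciprocal entry added


def _norm(entries):
    """Parse (local, remote) strings into comparable network objects."""
    return {(ip_network(l), ip_network(r)) for l, r in entries}


def missing_reciprocals(site, peer):
    """Return the entries the peer still needs: every (local, remote) at
    `site` must exist at `peer` with the two sides swapped."""
    peer_set = _norm(peer)
    needed = []
    for local, remote in site:
        mirrored = (ip_network(remote), ip_network(local))
        if mirrored not in peer_set:
            needed.append((remote, local))
    return needed


def nat_uncovered(tunnel_sources, nat_sources):
    """Return tunnel source networks that no outbound NAT source network on
    the egress firewall contains, so they would reach the WAN untranslated."""
    nets = [ip_network(n) for n in nat_sources]
    return [s for s in tunnel_sources
            if not any(ip_network(s).subnet_of(n) for n in nets)]


if __name__ == "__main__":
    print("site A still needs:", missing_reciprocals(SITE_B_P2, SITE_A_P2_BEFORE))
    print("after the fix:", missing_reciprocals(SITE_B_P2, SITE_A_P2_AFTER))
    # Outbound NAT at site A that only lists its own LAN misses site B's LAN.
    print("un-NATed sources:", nat_uncovered([B_LAN], [A_LAN]))
```
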
