NAT Public IP from other NAT router via OpenVPN Site-to-Site VPN
-
Hi there, I am completely new to pfSense but have found the online guides and this Wiki extremely helpful in configuring a VPN between our new remote office and our head office. That being stated, I am faced with a unique challenge which I cannot for the life of me figure out. I have searched the Wiki and the web and cannot get a solution to this specific situation, so now I need help and hope that someone can clarify this with steps. The IPs and subnets are only examples to simplify; my actual production environment is different:
Setup:
Site A:
Subnet: 10.10.0.0
pfSense Router at IP Address 10.10.0.10 for OpenVPN Client Access Server on Port 1194 and OpenVPN Site-to-Site Server on Port 1195
ISP Managed Router with 5 Static IPs, NAT configured by them (I cannot do anything about this, it is the only option available), on the same subnet as Site A (due to the public IP NAT) at IP 10.10.0.2, with a static route for the 10.10.1.0 subnet through the pfSense Router. (I cannot log in to this router.)
Site B:
Subnet: 10.10.1.0
pfSense Router at IP Address 10.10.1.2, acts as NAT Gateway and OpenVPN Site-to-Site Client
My ISP provides NAT for 5 public IPs to the 10.10.0.0 subnet, of which I want to set up NAT on the pfSense Router to route traffic to and from these NAT internal IPs (I cannot move the router to a different subnet to use pfSense as a NAT Router for all traffic due to various other complications on our network relying on direct access through NAT Public IPs for now; once I get this to work I will change that, but presently I am relying on the redundancy provided by that setup).
So for the purposes of this question, how do I set up the Virtual IPs on the Site A network that will NAT the Site A NAT public IP to the hosts on Site B?
Ex.
Public IP is configured by ISP on their Router to NAT to internal IP 10.10.0.235
pfSense at Site A has IP Alias on internal IP 10.10.0.235
pfSense at Site A has 1:1 NAT Rule forwarding all traffic for VIP 10.10.0.235 to Site B IP 10.10.1.3
At Site A, pinging and using the VIP (10.10.0.235) works perfectly and as predicted, and I can access the host at Site B at IP 10.10.1.3 (so my internal NAT seems to work). When I use the Public IP, I get nothing; tracert shows the IP up to the last nameserver in line for my ISP before hitting the Router. Where am I going wrong, and can this even be done with a NAT behind a NAT? If I bring up a host on the internal LAN with the internal IP as per the ISP Router's NAT configuration it works perfectly, so the issue is with the way I am trying to use pfSense.
Any help will be greatly appreciated, as I need the above so that two of the public IPs can route to two specific hosts at Site B. I also had the ISP set up the NAT to translate the public IP directly to the remote site IP, but due to the way their router handles NAT rules it cannot work.
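The following is an added example, not code from the post above or from pfSense: a small Python model of the two chained 1:1 NAT hops the poster describes (the ISP router translating a public IP to 10.10.0.235, and pfSense at Site A translating the VIP 10.10.0.235 to the Site B host 10.10.1.3). It models address rewriting only and assumes routing delivers each packet to each hop; the public and Internet client addresses are constructed placeholders from the RFC 5737 documentation ranges. The `round_trip_ok` check shows the general property a chained 1:1 NAT depends on: the reply has to pass back through the same hops in reverse order, otherwise the client receives a reply from an address it never sent to.

```python
# Added example (not from the forum post): two chained 1:1 (binat-style) NAT hops.
# Public and client addresses below are constructed RFC 5737 placeholders.
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


class OneToOneNat:
    """A stateless 1:1 NAT hop: one outside address maps to one inside address,
    and the mapping is applied symmetrically to both traffic directions."""

    def __init__(self, name, outside_to_inside):
        self.name = name
        self.out_to_in = dict(outside_to_inside)
        self.in_to_out = {inside: outside for outside, inside in outside_to_inside.items()}

    def inbound(self, pkt):
        # Traffic entering from the outside: rewrite the destination address.
        return replace(pkt, dst=self.out_to_in.get(pkt.dst, pkt.dst))

    def outbound(self, pkt):
        # Reply leaving toward the outside: rewrite the source address.
        return replace(pkt, src=self.in_to_out.get(pkt.src, pkt.src))


def forward_trace(hops, pkt):
    """Addresses seen after each NAT hop for a request, outside -> inside."""
    trace = [pkt]
    for hop in hops:
        pkt = hop.inbound(pkt)
        trace.append(pkt)
    return trace


def return_trace(hops, pkt):
    """Addresses seen after each NAT hop for the reply, inside -> outside.
    The reply is untranslated only if it crosses the same hops in reverse."""
    trace = [pkt]
    for hop in reversed(hops):
        pkt = hop.outbound(pkt)
        trace.append(pkt)
    return trace


def round_trip_ok(hops, request, reply_hops=None):
    """True when the client gets its reply from the address it sent to.
    reply_hops lets you model a reply that takes a different (asymmetric) path."""
    delivered = forward_trace(hops, request)[-1]
    reply = Packet(src=delivered.dst, dst=delivered.src)
    seen_by_client = return_trace(hops if reply_hops is None else reply_hops, reply)[-1]
    return seen_by_client.src == request.dst and seen_by_client.dst == request.src


# Constructed placeholders (RFC 5737 documentation ranges), not the poster's real IPs.
PUBLIC_IP = "203.0.113.10"
INTERNET_CLIENT = "198.51.100.7"

ISP_ROUTER = OneToOneNat("isp-router", {PUBLIC_IP: "10.10.0.235"})      # ISP-managed NAT
SITE_A_PFSENSE = OneToOneNat("siteA-pfsense", {"10.10.0.235": "10.10.1.3"})  # 1:1 NAT on VIP
HOPS = [ISP_ROUTER, SITE_A_PFSENSE]

if __name__ == "__main__":
    req = Packet(src=INTERNET_CLIENT, dst=PUBLIC_IP)
    labels = ["from client", "after " + ISP_ROUTER.name, "after " + SITE_A_PFSENSE.name]
    for label, p in zip(labels, forward_trace(HOPS, req)):
        print(f"{label:22} {p.src} -> {p.dst}")
    print("symmetric reply path ok:", round_trip_ok(HOPS, req))
    print("reply skipping ISP hop ok:", round_trip_ok(HOPS, req, reply_hops=[SITE_A_PFSENSE]))
```

Running the block prints the request as rewritten at each hop and then the two round-trip checks; the second check models a reply from 10.10.1.3 that never crosses the ISP router's NAT, which is why the client would see it come from 10.10.0.235 rather than the public IP.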