4. 1 to 1 NAT through IPsec

1 to 1 NAT through IPsec

  • A

    Hi! I'm trying to make my servers on an internal network exit the firewall through an IPsec tunnel with a public IP.

    I work at an ISP and have routed a /27 public network through an IPsec into my pfSense firewall at home. I've previously used FortiGate with policy-routing and virtual ips, but it doesn't seem to work the same way with pfSense.

    On my P2 I've specified the /27 network as local subnet, and 0.0.0.0/0 as remote subnet.

    In NAT 1:1:
    Interface: IPsec
    External IP: xxx.xxx.93.13
    Internal IP: 172.16.0.65
    Destination IP: *

    I had to port forward ICMP with destination xxx.xxx.93.13 to 172.16.0.65 to make my pings (from AWS) show up in tcpdump.
    With NAT-reflection enabled, I can access the server with its public IP locally.

    Outbound NAT is set to manual, with a mapping that says:
    Interface: IPsec
    Source: 172.16.0.65
    Source port: *
    Destination: *
    Destination port: *
    NAT address: xxx.xxx.93.13
    NAT port: *

    Am I missing something? I've tried everything I could think of, and getting pretty frustrated.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy