Netgate Discussion Forum

    NAT from LAN to machines on far side of IPSec link

      cmj

      Hello

      I have an IPSec link to another site, and want to access machines on the far side of that from the LAN here.

      This is the setup:

      • the firewall LAN address is 192.168.3.11 (/24)
      • The IPSec tunnel has a local subnet 192.168.40.0/24, remote subnet 192.168.240.0/24

      I have added an "IP Alias" to the LAN of 192.168.40.11/32, and created a Gateway to 192.168.240.0/24 via 192.168.40.11

      If I log in to the firewall itself, I can ping machines on the 192.168.240.0 network.

      Now, I want to be able to access them from the LAN too. I think for this I need an Outgoing NAT, so I tried to add an Outgoing NAT

      • source 192.168.3.0/24, destination 192.168.240.0/24, translation address 192.168.40.11

      However, I still can't access them.

      Can anyone suggest a way of doing what I want? The stuff on the other end of the IPSec link is pretty much out of my control.

      Thanks,

      Chris
