Website Access through IPSEC VPN
I recently installed a pfSense to connect a small sales office to the main office via IPsec.
Main Office (SonicWall) <-> Sales Office (pfSense)
The tunnel works fine and accessibility between the two sites is also fine.
However, I am having an issue which so far I have not managed to resolve by myself.
There is a website all employees use. This website is only accessible from the main office's IP address due to an IP filter on the hosting server.
Since the IPsec-connected office is not using the main office's IP address to browse the internet, they cannot access that website.
Since I cannot solve the issue by implementing a static route, I added another phase 2 entry to the VPN connection with the web server's IP address.
However, this is still not working. If I try to trace the IP I am not getting any answers, so I am a bit stuck.
How should the additional phase 2 help if the web server blocks the IPs of the Sales Office?
If the server only allows IPs of its own subnet, there is no way to solve it on the pfSense at the remote site.
On the SonicWall in the main office you may do S-NAT for traffic destined to the web server to masquerade the client source IPs.
But why is it not possible to configure the web server to permit access from the sales office?
- The sales office does not have a static IP, therefore it cannot be whitelisted by the web server.
- The web server is NOT administrated by me, nor is it in any of my subnets. It is a web server, so accessible via the internet.
I want to tunnel the client requests to that server from the sales office to the main office, so the sales office uses the main office's IP only for that specific website.
I will look up the NAT hint though. Thx
I see. I was assuming the web server is within the office local network.
So the second phase 2 is the right way to go though. Have you added it on both sites?
Also ensure that the outbound NAT on the SonicWall translates the VPN access to its WAN IP.
Yes, on both sides. I will check the NAT rules.
I found this, which is exactly what I am doing but with all internet traffic:
The answer was indeed a missing NAT entry on the main office's firewall.
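The path described in this thread (a phase 2 for the web server's /32 on both ends, plus an outbound NAT rule on the main office firewall), written up as an added Python model that is not from the thread or from pfSense/SonicWall; all addresses are constructed documentation ranges, and the rule tuples are a simplification of what the two firewalls actually store.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addresses (documentation ranges, not from the thread).
MAIN_LAN = ip_network("192.0.2.0/24")        # main office LAN behind the SonicWall
MAIN_WAN = ip_address("198.51.100.10")       # main office public IP, the only one the server allows
SALES_LAN = ip_network("192.168.50.0/24")    # sales office LAN behind pfSense
WEB_SERVER = ip_address("203.0.113.80")      # public web server with an IP allowlist
ANY = ip_network("0.0.0.0/0")

def phase2_selects(entries, local_ip, remote_ip):
    """True if some phase-2 (local, remote) selector on this endpoint covers the flow."""
    return any(local_ip in local and remote_ip in remote for local, remote in entries)

def apply_outbound_nat(nat_rules, src, dst):
    """First matching (match_src, match_dst, translate_to) rule rewrites the source."""
    for match_src, match_dst, translate_to in nat_rules:
        if src in match_src and dst in match_dst:
            return translate_to
    return src  # no rule matched: packet leaves with its original source

def source_seen_by_server(spoke_p2, hub_p2, hub_nat, client, server=WEB_SERVER):
    """Return the source IP the web server sees, or a string describing where the flow fails."""
    if not phase2_selects(spoke_p2, client, server):
        return "not tunnelled: spoke has no phase 2 for the web server, traffic uses the sales WAN"
    # The hub's selector is the mirror image: local = web server /32, remote = sales LAN.
    if not phase2_selects(hub_p2, server, client):
        return "dropped: hub has no mirrored phase 2 for this selector"
    return apply_outbound_nat(hub_nat, client, server)

def diagnose(spoke_p2, hub_p2, hub_nat, client, allowlist=(MAIN_WAN,)):
    seen = source_seen_by_server(spoke_p2, hub_p2, hub_nat, client)
    if isinstance(seen, str):
        return seen
    return "allowed" if seen in allowlist else f"blocked: server sees {seen}"

# Constructed configs: the thread's setup before and after the missing NAT entry was added.
WEB_HOST = ip_network("203.0.113.80/32")
SPOKE_P2 = [(SALES_LAN, MAIN_LAN), (SALES_LAN, WEB_HOST)]
HUB_P2 = [(MAIN_LAN, SALES_LAN), (WEB_HOST, SALES_LAN)]
HUB_NAT_MISSING = [(MAIN_LAN, ANY, MAIN_WAN)]            # only masquerades the main LAN
HUB_NAT_FIXED = HUB_NAT_MISSING + [(SALES_LAN, WEB_HOST, MAIN_WAN)]
CLIENT = ip_address("192.168.50.25")

if __name__ == "__main__":
    print(diagnose(SPOKE_P2, HUB_P2, HUB_NAT_MISSING, CLIENT))  # blocked: server sees 192.168.50.25
    print(diagnose(SPOKE_P2, HUB_P2, HUB_NAT_FIXED, CLIENT))    # allowed
```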