4. IPsec with public IP for Remote Gateway and Remote Subnet (address)

IPsec with public IP for Remote Gateway and Remote Subnet (address)


  • I have a customer with a public IP for the Remote Gateway in Phase 1 (8.x.y.a) and a public IP address as Remote Subnet in Phase 2 (8.x.y.b). Customer setup uses a Cisco ASR.
    On my site I have a public IP for the Remote Gateway in Phase 1 (144.x.y.b), and a (Xubuntu) client in the private IP network of pfSense (172.24.x.x).
    My Xubuntu client has the pfSense LAN as default gateway, and it can access the internet (via NAT), ping, DNS and browsing is working.

    The IPsec tunnel connection is established successfully. However when I try to ping, traceroute or telnet the Remote Subnet address (8.x.y.b), the traffic is not going through the tunnel, but through the internet, and because of that it is blocked on remote site (no traffic coming through the tunnel).

    Do I need to configure the NAT/BINAT setting in Phase 2, or do I need to add a route in pfSense? I did not find the same setup somewhere in the forum, but with public IP, some here said to configure NAT/BINAT.

    alt text

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy