Does pfSense need an interface with an IP that matches IPsec tunnel traffic?
-
I have a server that is supported by an outside vendor who requires an IPsec tunnel for support access.
The server has an IP on the normal LAN network. (192.168.5.100/24)
The vendor has also given it an additional address of 10.1.1.100/24.
They want me to set up an IPsec tunnel between 192.168.202.0/28 and 10.1.1.0/24 to give them access to the server.
Does my pfSense box need an active interface on the 10.1.1.0/24 network?
-
Why the second address on the host? If they want to access 192.168.5.100 using 10.1.1.100 from their side you would just NAT the "Phase 2" network.
Local Network: 192.168.5.0/24
NAT: 10.1.1.0/24
Remote Network: 192.168.202.0/24

They would set up a P2 like this:
Local Network: 192.168.202.0/24
Remote Network: 10.1.1.0/24
-
Interesting, so it would map 1 to 1?
Any packets sent to 10.1.1.100 would be NATed to 192.168.5.100?
-
Yes.
-
So this worked brilliantly! Thank you so much.
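
The 1:1 mapping from the phase 2 NAT answer above, modeled in Python as an added example that is not part of the original thread and is not pfSense code. It uses the networks quoted in that answer; the vendor-side host 192.168.202.5 and the function names are made up for illustration.

```python
import ipaddress

# Networks from the answer's phase 2 settings.
LOCAL_NET = ipaddress.ip_network("192.168.5.0/24")     # real LAN
NAT_NET = ipaddress.ip_network("10.1.1.0/24")          # what the vendor sees
REMOTE_NET = ipaddress.ip_network("192.168.202.0/24")  # vendor side


def binat(addr, from_net, to_net):
    """Translate addr from from_net to to_net, keeping the host bits."""
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("1:1 network NAT needs equal prefix lengths")
    addr = ipaddress.ip_address(addr)
    if addr not in from_net:
        return None  # outside the mapped range, no translation
    offset = int(addr) - int(from_net.network_address)
    return to_net.network_address + offset


def inbound(src, dst):
    """Packet from the vendor: must match remote net -> NAT net,
    then the destination is rewritten to the real LAN address."""
    if ipaddress.ip_address(src) not in REMOTE_NET:
        return None
    real_dst = binat(dst, NAT_NET, LOCAL_NET)
    if real_dst is None:
        return None
    return (str(ipaddress.ip_address(src)), str(real_dst))


def outbound(src, dst):
    """Reply from the LAN host: the source is rewritten to the NAT
    address so it matches the vendor's phase 2 selectors."""
    if ipaddress.ip_address(dst) not in REMOTE_NET:
        return None
    seen_src = binat(src, LOCAL_NET, NAT_NET)
    if seen_src is None:
        return None
    return (str(seen_src), str(ipaddress.ip_address(dst)))


if __name__ == "__main__":
    # 192.168.202.5 is a constructed vendor-side address.
    print(inbound("192.168.202.5", "10.1.1.100"))
    print(outbound("192.168.5.100", "192.168.202.5"))
```

Because the translation happens on the firewall, the server only ever sees traffic addressed to 192.168.5.100, and pfSense needs no interface on 10.1.1.0/24.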