Netgate Discussion Forum

    Route External IP over IPSec VPN (NAT'ed) on pfSense 2.2.5

      TReminga

      Good afternoon,
      I have been digging into this for much of the day.

      We have 2 servers that are housed at one of our branch sites. This site is configured as 10.1.8.x network, with the two servers being 10.1.8.20 and 10.1.8.101.
      They sit behind a Sonicwall NSA 3600 and an Internet line that does not have enough external IPs to accept traffic over.

      We have a remote site that operates a pfSense 2.2.5 firewall that has 5 unused public IPs. We have an IPSec VPN configured between both sites, allowing for traffic to flow. I have tested each site can successfully access resources on both sides.

      What we want to do is take one of the external IPs at the remote site, NAT this across the IPSec VPN to the 10.1.8.X server and then control the firewall ports on the pfSense firewall to limit access. We are fine with all traffic from X server going over this VPN vs directly out.

      So full map...

      External IP 1.1.1.1 --> pfSense External IP (IP configured as a Virtual IP) --> pfSense Internal IP (10.80.110.1) --> Over IPSec VPN to 10.1.8.x Network --> Sonicwall --> Server 10.1.8.20 (eventually block down to ports 443, 80, etc)

      I can fully connect to the server at 10.1.8.20 or 101 from a server sitting on the 10.80.110.X network, so I know the VPN is good, and access over any port has worked perfectly since we allow all traffic across. What we can't get to work is taking the external IP and NAT'ing it to go across the IPSec VPN to 10.1.8.20.

      Any help would be appreciated!
      Tom

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.