Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    LAN clients - how to access service located on WAN VIP internally

    HA/CARP/VIPs
    2
    2
    257
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      DJKR
      last edited by DJKR

      Below is my network setup.

      What I am trying to achieve is the follows

      • computer on LAN3 interface with IP address 172.30.16.54 is trying to access abc.def.com

      • abc.def.com resolves to 192.168.2.38

      • 192.168.2.38 is VIP from the WAN interface, it is in a 1:1 NAT relationship with 192.168.1.50 on interface LAN

      • when the computer tries to access 192.168.2.38 I can see it on the log of the LAN3 interface but cannot see it on the WAN interace

      • 172.30.16.54 can ping 192.168.2.38

      • it is trying to create an IPSEC tunnel from 172.30.16.54 to 192.168.2.38 so I can see the initial ISAKMP packet towards port 500

      • Should I be able to route this internally as required?

      0_1551973712319_ee7cfb11-7ef5-4135-bbc0-92a18854d1d5-image.png

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        Why would you not just resolve abc.def.com to 192.168.1.50 in the first place for devices behind pfsense...

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.