IPSec Overlapping Subnets

IPsec
Log in to reply
  • S

    Have a client that has 2 locations both running Pfsense.

    Site A 10.10.20.0/16
    Site B 10.10.50.0/24

    It would be easier to just fix the subnets, but client wants to keep using /16 because of equipment w/ static IPs moving between the 2 locations.

    I have established an IPSec tunnel using x.x.20.0/24 and x.x.50.0/24 and able to get through to anything coded with a /24 subnet on both sides but can't get to anything with a /16 address.

    I've ready through the Pfsense book and searched on google, but I haven't found a good example on how to handle the NAT/BINAT to allow the traffic to pass.

    Thanks,

    M 1 Reply 0
  • M

    @schulzie00 BINAT is not so hard. The only thing that you have to take into account is that, from the point of view of the remote site the remote net you have to supply is the one you have used in the binat field and not the original one onf the LAN interface, so your phase II configuration must use this later one and rules must apply with this.

    Apart from this take into consideration that there will not be any matching rules between local IP addresses (those in the LAN Net space) and binat addresses so the remote site clients would not be able to contact servers in the binat side unless you configure a NAT static translation too.

    Hope this helps.

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy