IPSEC VPN WITH NAT S2S
-
Hello everyone!
First of all, thank you for your help!
I am new to pfSense and need to configure an S2S VPN.
My scenario is as follows:
I am on the 172.16.0.0/16 network, I need to connect to the 192.168.200.0/24 network but the client has a NAT configured and so I need to leave with the IP 192.168.249.29 ...
I was wondering how I should do this NAT, could you help me with this?
-
@flimadigital said in IPSEC VPN WITH NAT S2S:
I am on the 172.16.0.0/16 network, I need to connect to the 192.168.200.0/24 network but the client has a NAT configured and so I need to leave with the IP 192.168.249.29 ...
What does your client's NAT configuration have to do with an S2S tunnel you want to set up between 172.16.0.0/16 and 192.168.200.0/24? Does the client have 172.16.0.0/16 in use so you have to use some NAT, or what's the reason? And what is that 192.168.249.29 address for?
Could you please elaborate?
-
@JeGr said in IPSEC VPN WITH NAT S2S:
192.168.249.29
Exactly! The client uses this 172.16 network, so I need to reach the client with IP 192.168.249.29. This IP has a configured NAT that takes everything from 192.168.249.29 and plays to the network 192.168.200.0/24
-
@flimadigital said in IPSEC VPN WITH NAT S2S:
This IP has a configured NAT that takes everything from 192.168.249.29 and plays to the network 192.168.200.0/24
I don't exactly understand what you mean by this but I assume the client wants your clients to connect via a single IP (192.168.249.29) so it can create firewall rules accordingly. To do that, you have to NAT your connection in your phase 2 settings.
Your client's P2:
- local network: 192.168.200.0/24
- remote network: 192.168.249.29/32
etc. etc.
Your own P2 setting:
- local network: 172.16.0.0/16
- NAT setting enabled with "address" selected: 192.168.249.29 (/32)
- remote network: 192.168.200.0/24
Hope that clears it up and I understood correctly that you want to NAT to a single IP.
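
The two Phase 2 entries above only come up if each side's selectors mirror the other's after NAT is applied. The following sketch is an added example, not part of the original thread and not pfSense code: the `Phase2` class and `check_pair` function are hypothetical names, the model assumes the NAT address replaces the local network in the negotiated selector, and the client's internal range is assumed to be 172.16.0.0/16.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Phase2:
    """Simplified model of one IPsec Phase 2 entry (hypothetical, for illustration)."""
    local: str                 # real local network
    remote: str                # network expected on the far side
    nat: Optional[str] = None  # address/network presented to the peer instead of `local`

    def selectors(self):
        # Assumption: when NAT is set, it replaces the local network in the selector.
        presented = ipaddress.ip_network(self.nat or self.local)
        return presented, ipaddress.ip_network(self.remote)

def check_pair(ours, theirs, peer_internal=()):
    """Return a list of problems; an empty list means the two entries mirror each other."""
    problems = []
    our_local, our_remote = ours.selectors()
    their_local, their_remote = theirs.selectors()
    if our_local != their_remote:
        problems.append(f"we present {our_local}, peer expects {their_remote}")
    if our_remote != their_local:
        problems.append(f"we expect {our_remote}, peer presents {their_local}")
    # The address we present must not collide with ranges the peer already uses.
    for net in map(ipaddress.ip_network, peer_internal):
        if our_local.overlaps(net):
            problems.append(f"presented network {our_local} overlaps peer range {net}")
    return problems

# Values from the thread; the peer's internal range is an assumed prefix length.
PEER_INTERNAL = ["172.16.0.0/16"]
CLIENT_P2 = Phase2(local="192.168.200.0/24", remote="192.168.249.29/32")
OUR_P2 = Phase2(local="172.16.0.0/16", remote="192.168.200.0/24",
                nat="192.168.249.29/32")
OUR_P2_NO_NAT = Phase2(local="172.16.0.0/16", remote="192.168.200.0/24")

if __name__ == "__main__":
    print("with NAT:   ", check_pair(OUR_P2, CLIENT_P2, PEER_INTERNAL) or "OK")
    print("without NAT:", check_pair(OUR_P2_NO_NAT, CLIENT_P2, PEER_INTERNAL))
```
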