I Broke NAT... on my Multi Site Lab.
-
I have 2 physical ESXi servers that I run as Site1 and Site2 (Both have an interface on my corp network), both physical hosts run a VMware Nested Environment. I recently moved those nested environments behind a virtualized PFsense appliances on each side. Initially I was okay with everything being NAT'd and that worked great. Now I have to add a couple additional networks that must be routed between the sites. I'll detail how I configured it. It seemed to work as I can now route between these networks but it broke NAT outbound and I'm at al loss as to how I've misconfigured it.
This screencap shows my networks, WAN is corp, LAN is connected to a cumulus Spine/Leaf network that allows my nested SDDC traffic to route out to the WAN, OPT1 is for Management of all of the nested components, EXT was just another network I was adding to add an additional routed network to the other site.
PFsense can ping all of the gateways I'm trying to get to.
Here's what I have configured in the UI.
Gateways:
Static Routes:
Finally, this is how I have NAT configured. I created 2 rules to not NAT for the two destinations on the second site.
I'm not sure why, but this just breaks NAT all together. All of the hosts with interfaces on Management 192.168.1.x can ping the second site, they can even ping the second sites corp address 10.33.72.66, but they can't NAT out to anything else.Any help from the community would be greatly appreciated.
-
Trying Manual Outbound NAT also. I found that rules weren't created so I found out that I didn't have a gateway set, once set the rules populated.
So now I'm back and can ping out to the WAN gateway but The rule that should disable NAT for source 192.168.1.0 dest 192.168.2.0 doesn't do anything even if I put it on top.
