Static route after using IPSEC
-
Hello,
I want to ping from LAN 1 to LAN 3.
But it's not working. This is what I did:
PFSENSE 1:
- Add IPSEC phase 2 "LAN 1 --> LAN 3"
PFSENSE 2:
- Add IPSEC phase 2 "LAN 3 --> LAN 1".
- Add static route "LAN 3 use gateway to join PFSENSE 3".
PFSENSE 3:
- Add static route "LAN 2 use gateway to join PFSENSE 2".
- Add static route "LAN 1 use gateway to join PFSENSE 2".
-
Does PFSENSE 3 NAT on outgoing packets? This is the default behavior on the WAN interface.
-
@viragomann I don't understand what you mean at all.
Could you be more specific?
-
@Yazur said in Static route after using IPSEC:
I don't understand what you mean at all.
As I wrote, by default pfSense does NAT on outgoing traffic to WAN, i.e. it translates the source address to the WAN address, which is desired when WAN has a public IP.
The outbound NAT settings are in Firewall > NAT > Outbound. If you don't know how to check, post a screenshot and tell us the LAN3 network range.
-
There is already outgoing NAT configured on the pfsense 3 as well as on all other pfsense.
Each pfsense is redundant with PFSYNC, CARP... So they all have a virtual IP address on each WAN. And thus a configured outgoing NAT.
Here are the outgoing NAT configurations:
Pfsense 1: "IP are private and virtual"
Pfsense 2: "IP are public and virtual"
Pfsense 3: "IP are public and virtual"
-
When you ping LAN3 from LAN1, can you see the packets on pfSense 3, and do they have the correct IPs?
If yes, can you see them on the internal interface?