IPSec outbound address
-
Hi,
We are setting up an IPSec connection from our local pfSense to a remote customer (he is using FortiNet). He has some limitation on his side that the source address of packets coming through IPSec cannot be the same address as the connection itself nor can he use any private IP address range (so if our public IP address is 1.1.1.1 and our local LAN is 10.0.0.0/24 he needs the source address in the packets set on IPSEC to be neither of the addresses above - 1.1.1.2 or even 8.8.8.8 is ok with him or anything we want because he is doing on his side NAT and he just cares the address is not the same as our public IP)
How can we change for this IPSEC connection only the source address? should this be done in NAT->Outbound? somewhere else? must the IP we select belong to the subnet of our WAN or can we use any valid IP address even if it does not belong to us?