IPSec Phase 2 local network & access from LAN

GoneCamping · Jan 19, 2021, 5:19 PM

A bit of an experienced newb here.

We are establishing an IPSec connection with a customer. In short, I was only able to get P2 to come up when I used the WAN IP as the local network/address. Our WAN IP is used as part of the authentication process, it would seem (NO_PROPOSAL_CHOSEN was the error when I had our LAN as the local network).

What this seems to mean in practice is that I can ping their network from WAN (traffic shows up in the IPSec status), but not from a computer on my LAN. How do I establish the connection between WAN/LAN so that I can pass traffic from LAN to the customer network?

When setting up our inter-office IPSec tunnels this wasn't a problem because we're able to choose our local/remote network IPs. Our customer is so large that they don't have that luxury.

Thank you!

GoneCamping · Jan 19, 2021, 6:22 PM

@gonecamping

I am a flipping idiot. ;-)

If I put the WAN IP as the NAT/BINAT address and then LAN as the local network, it worked. P2 still works and traffic flows from LAN to our customer network.