IPsec and subnet issues
-
Hi, I have a problem with pfSense and Azure over IPsec.
I have 2 subnets in site A on 2 pfSense interfaces: 172.23.0.0/24 and 10.252.225.32/28. At the other end, in Azure, I have a 172.24.4.0/24 network.
The tunnel is correctly created and works perfectly.
The connection between Azure (172.23.4.0) and the 172.23.0.0 network is working properly.
However, the connection between Azure and the network 10.252.225.32/28 does not work correctly. From Azure it reached the IP address of pfSense, which is 10.252.225.33/28, but it did not reach another IP, 10.252.225.46/28, which belongs to a router.
I have successfully created the phases but cannot connect. I have tried the binat option but it doesn't work either.
Any ideas?
Thanks
-
@jccanaveras
Is pfSense the default gateway in 10.252.225.32/28?
-
@viragomann the gateway IP of the interface is the IP of the router, 10.252.225.46/28. Do I have to put the IP of the pfSense?
Thanks.
-
@jccanaveras said in IPsec and subnet issues:
do I have to put the ip of the pfsense?
Not necessarily, however it would be the best solution.
Two other options with the existing router as gateway:
- Disconnect pfSense from 10.252.225.32/28 and set up a transit network between pfSense and the router instead.
  Then add a static route on pfSense for the network pointing to the router and one on the router for the remote network pointing to pfSense.
- Do masquerading on pfSense on this network interface by adding an outbound NAT rule.
  However, this lets traffic from the remote site seem to come from pfSense, which might be undesirable.
-
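The return-path reasoning behind the options in the answer above, as an added example that is not part of the original thread: it models the route lookup the router at 10.252.225.46 performs for its reply, and shows which source address the router sees in each case. The router's default next hop (192.0.2.1), the Azure host 172.24.4.10 and all function names are assumptions made for illustration, and the static-route case is simplified to a route on the router only, without modelling the transit network.

```python
import ipaddress

PFSENSE_IP = ipaddress.ip_address("10.252.225.33")  # pfSense on the /28 (from the thread)
AZURE_NET = ipaddress.ip_network("172.24.4.0/24")   # remote network as given in the first post
AZURE_HOST = ipaddress.ip_address("172.24.4.10")    # constructed sample host
UPSTREAM = "upstream 192.0.2.1"                     # assumed default next hop of the router


def base_routes():
    """Routing table of the router 10.252.225.46; the default route is an assumption."""
    return [
        (ipaddress.ip_network("10.252.225.32/28"), "connected"),
        (ipaddress.ip_network("0.0.0.0/0"), UPSTREAM),
    ]


def next_hop(routes, dst):
    """Longest-prefix match over (network, next hop) pairs."""
    matches = [(net, hop) for net, hop in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def reply_path(routes, src_seen):
    """Where the router sends its reply, given the source address it saw."""
    hop = next_hop(routes, src_seen)
    return f"direct to {src_seen}" if hop == "connected" else f"via {hop}"


def scenarios():
    """Map each case to (source address the router sees and logs, reply path)."""
    with_route = base_routes() + [(AZURE_NET, f"pfSense {PFSENSE_IP}")]
    return {
        # No fix: the reply follows the default route and never reaches the tunnel.
        "no_fix": (str(AZURE_HOST), reply_path(base_routes(), AZURE_HOST)),
        # Route for the remote network pointing to pfSense: real source is preserved.
        "static_route": (str(AZURE_HOST), reply_path(with_route, AZURE_HOST)),
        # Outbound NAT: the router only ever sees pfSense's own address.
        "outbound_nat": (str(PFSENSE_IP), reply_path(base_routes(), PFSENSE_IP)),
    }


if __name__ == "__main__":
    for name, (seen, path) in scenarios().items():
        print(f"{name:13} source seen by router: {seen:14} reply goes {path}")
```

With outbound NAT the router's logs and any source-based ACLs on it see only 10.252.225.33, which is the side effect the answer calls possibly undesirable.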
-
@viragomann thanks, the outbound NAT option has worked correctly.