Netgate Discussion Forum
    Ping an external ip through mobile client vpn

      mmangiante

      Hello,
      for my IPsec VPN I have a setup with mobile client; I defined the subnet 192.168.106.0 to connect to pfSense, where I created an IPsec connection with P1 and P2 that connects to my corporate network 192.168.0.0/24; my pfSense firewalls are 192.168.0.31 and 192.168.0.32 and have a VIP, 192.168.0.30; I have 2 Cisco 3560 with IPs 192.168.0.2 and 192.168.0.3 that are in HSRP with IP 192.168.0.1: this is my network gateway, where I have a route like this:

      ip route 0.0.0.0 0.0.0.0 192.168.0.30 99 name vs-fpscarp
      

      Another thing that I've done for the VPN is split tunneling; we all have Windows 10 as client, so I simply unchecked the option to use the predefined gateway, and to access the various networks that we had we simply use the PowerShell command (for example):

      Add-VpnConnectionRoute -Name "IM-VPN" -DestinationPrefix 192.168.0.0/24
      

      and we can access 192.168.0.0/24 network servers.
      Now the issue: we have some Amazon virtual machines where we have set a security group with our public IP 93.150.27.178/28, so if I ping from a device inside my 192.168.0.0/24 we retrieve the ping, but if I try this from a machine that is on the VPN, and so has as its address, for example, 192.168.106.x, I have no response.
      I tried to create a static route on the pfSense, but this created a TTL expired in transit if I ping an Amazon VM from a 192.168.0.0/24 machine;
      I also simply tried to add the Amazon VM IP address to the local machine routing table that is loaded when I access the VPN with the command:

      Add-VpnConnectionRoute -Name "IM-VPN" -DestinationPrefix 34.199.70.82/32
      

      but obviously it doesn't work.
      Any suggestion is appreciated.

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.