4. Unable to negotiage IPSEC tunnel from local network

Unable to negotiage IPSEC tunnel from local network

  • P

    I am not sure if this is the right place for this post.  It was between the IPSEC and NAT forums.

    First some background,
    I have a connection to a remote network set up using an IPSEC VPN.  The remote gateway is xxx.xxx.xxx.15, and the remote network is xxx.xxx.xxx.23.  My local VPN gateway is the pfSense WAN gateway with an IP address of yyy.yyy.yyy.72, and my local network that I am making available via IPSEC is a CARP address on the WAN interface of yyy.yyy.yyy.77.  NAT redirection is turned on so that yyy.yyy.yyy.77 is accessible from within the firewall.  yyy.yyy.yyy.77 uses PAT/NAT to redirect VPN clients to their true destination inside my network.

    Almost all of the above is working as it should.  The problem that I am running into is that I can only bring the tunnel up from the remote side.  I presume this has something to do with how I am terminating the remote network to a CARP address and port forwarding it, but I do not know how to resolve my issue.  Can anyone help me so that I can bring the tunnel up from my local network?

    0
  • P

    I got tired of waiting for forum posts so I checked out IRC.  According to cmb, "you can't NAT traffic destined to IPSEC in FreeBSD"
    The only way to accomplish what I want is to set up an additional pfSense box, or move to a Linux distribution like IPCop.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy