SNAT-DNAT FROM IPSEC VPN TO A PRIVATE NETWORK
-
Hello guys.
I'm having a bit of a problem with how SNAT-DNAT works. I have an S2S VPN from an on-prem client to my Azure instance where there is a PFSense acting as a firewall and S2S VPN.
The configuration is as follows:
ON PREM NETWORK IS 172.16.0.0/23
REMOTE NETWORK IS 192.168.0.0/24 (ON PFSENSE, THIS IS DESIGNED TO BE A NAT ADDRESS)
ON AZURE (PFSENSE) LOCAL NETWORK IS 10.10.10.4
INBOUND OR OUTBOUND NAT IS 192.168.100.0.0/24
SO, TRAFFIC COMING FROM 172.16.0.15/32 HAS TO GO TO 192.168.100.4.
AS IT ARRIVES ON PFSENSE, IT WILL BE NATTED TO 10.10.10.4/43.
Everything is configured, I see traffic going to 10.10.10.4, I see it returning to PFSense but I see no traffic going back to on prem (172.16.0.15).
For traffic from On prem I used 1:1 NAT
I'm attaching a diagram with some more details.
-
@brunoobr said in SNAT-DNAT FROM IPSEC VPN TO A PRIVATE NETWORK:
For traffic from On prem I used 1:1 NAT
Why?
You can configure BINAT in the IPSec phase 2.
-
Hello @viragomann. In fact it works!
Thanks a whole lot for this tip!