PFSENSE + IPSEC + NAT
We have a network with different subnets:
We also have an IPSEC connection to provide mutual services (WEB and DNS); I have no control over the other end. The services of both have the 172.19.0.0/24 network as their origin and destination.
In the PFSENSE (in high availability) I have a VIRTUAL IP 172.19.0.1 which is the gateway for the IPSEC tunnel.
Currently I have the IPSEC tunnel working correctly, but I have a router with addresses 172.19.0.5 and 10.0.0.5 doing NAT from networks 10.0.0.0 to network 172.19.0.0/24 to be able to send the traffic through the IPSEC tunnel (access to networks 172.19.10.0/24, 172.19.11.0/24, ...).
I have done numerous tests to try to NAT the traffic from networks 10.0.X.0 to 172.19.0.1 and thus send it through the IPSEC tunnel, but I can't. The tests carried out are:
- Configure Outbound NAT to the IPSec interface
- Configure Outbound NAT to the network interface 172.19.0.1 (CARP IP)
- Configure Outbound NAT to the network interface 172.19.0.2 (IP PFSense)
- Create another Virtual IP and use it for Outbound NAT.
Thanks for the help.
I have also posted this problem in the NAT section with more information to see if someone can help me.