Site access over IPSec
-
Hello! Help please, there's something I can't understand. The problem is this. There are two offices, "A" and "B". Each office has pfSense installed. IPSec is configured between the offices (mode: Tunnel IPv4). A website has been deployed in office "B". I'm trying to access this site in office "B" via an external IP through office "A". NAT and firewall are configured. Packets do not reach office "B".
Client --> Office A <----- IPSec -----> Office B ------> Site
-
@abracadabras External IP? Virtual IP? Why do you want to access it via the external IP when you can just use the private IP of site B via the IPSec tunnel?
-
@Pra2in Sorry for not explaining. In office "A" there was a site behind NAT, which I moved to office "B". But access is needed through the public IP WAN port of office “A”.
-
@abracadabras
IPSec is not really ideal to handle this traffic. Is it a policy-based or a routed IPSec?
In case of policy, it would only work if you route all upstream traffic from B to A. This means at A phase 2 local network = 0.0.0.0/0, at B remote network = 0.0.0.0/0.
Or in case of routed IPSec, you need at least to masquerade the forwarded traffic at A on the outgoing interface, as far as I know.
Both solutions might have undesired side effects. However, you can do this well with OpenVPN.
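
The phase 2 selector matching described in the reply above, as an added example that is not part of the original posts. It is a simplified model of policy-based IPSec, and it assumes the port-forwarded packet leaves A with the client's public source address. The subnets and addresses are constructed samples, not values from the thread.

```python
from ipaddress import ip_address, ip_network

def tunneled(policy, src, dst):
    """True if a packet src->dst matches the phase 2 selectors (local -> remote)."""
    local, remote = (ip_network(n) for n in policy)
    return ip_address(src) in local and ip_address(dst) in remote

def round_trip(policy_a, policy_b, client, site):
    """Check the request (leaving A) and the reply (leaving B) against each side's policy."""
    return {
        "request_enters_tunnel_at_A": tunneled(policy_a, client, site),
        "reply_enters_tunnel_at_B": tunneled(policy_b, site, client),
    }

# Constructed sample addressing (assumption, not from the thread)
LAN_A, LAN_B = "10.1.0.0/24", "10.2.0.0/24"
CLIENT, SITE = "203.0.113.50", "10.2.0.10"   # internet client, web server in office B
ANY = "0.0.0.0/0"

# Each policy is (local network, remote network) as seen from that firewall.
LAN_TO_LAN = {"a": (LAN_A, LAN_B), "b": (LAN_B, LAN_A)}   # typical site-to-site phase 2
ALL_VIA_A = {"a": (ANY, LAN_B), "b": (LAN_B, ANY)}        # selectors suggested in the reply

def evaluate(policies):
    result = round_trip(policies["a"], policies["b"], CLIENT, SITE)
    # Side effect: does unrelated internet-bound traffic from B also match B's policy?
    result["b_internet_traffic_goes_via_A"] = tunneled(policies["b"], SITE, "198.51.100.7")
    return result

if __name__ == "__main__":
    for name, pol in (("LAN-to-LAN", LAN_TO_LAN), ("0.0.0.0/0 selectors", ALL_VIA_A)):
        print(name, evaluate(pol))
```

With LAN-to-LAN selectors neither direction matches, so the forwarded request never enters the tunnel. With the 0.0.0.0/0 selectors both directions match, and so does all other upstream traffic from B.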
-
@viragomann Thanks for the answer. This is policy-based IPSec. I'll look for other options then.
-
@abracadabras
If masquerading is acceptable you could also forward the traffic over WAN.
However, at B you would only see the IP of A.
-
@viragomann Thank you very much, I'll try this option.