Netgate Discussion Forum

Problem with NATed IPSec and CARP

    fkogut
    last edited by Feb 13, 2024, 3:20 PM

    Hi everyone,

    I have a problem with an IPSec tunnel. On the local side I have the 192.168.40.16/29 network, and on the remote side 192.168.40.24/29, in Phase 2.
    I tried both modes (Tunnel and VTI - Routed), but in tunnel mode I can't reach servers from the remote side (sNAT is not working with Tunnel mode), because 192.168.40.16/29 is only a fake network and I NATed traffic between 192.168.148.248/29 and 192.168.40.16/29 to 192.168.40.24/29. It works, but only with this subnet 192.168.148.248/29, not from my other LAN and VPN subnets.

    My LAN networks are:
    192.168.138.0/24 - VPN Network
    192.168.139.0/24 - VPN Network
    192.168.148.0/24 - LAN
    192.168.158.0/24 - VLAN2
    10.0.2.0/24 - VLAN3

    I configured IPSec in VTI - Routed mode, configured routing, NAT and FW rules, and it works on the master node, but if the master is not available, the backup node has the IPSec tunnel connected and sNAT from my network to the remote side does not respond; the remote side can't see my servers (dNAT won't work either).

    Does anyone have the same problem?
    I don't have any idea where the main problem is.
