Access Modem with unchangeable IP on other Site
-
Hello,
let me start with this: I am an absolute beginner regarding Network and Pfsense, it just happened that right now I am unfortunately the most knowledgeable person (regarding Pfsense) at my work. So please understand if what I write is utter nonsense.
I have really tried to find a suitable answer using Google and this Forum, but probably I do not understand enough to find a solution this way.
We have multiple sites, our Pfsenses are all connected via IPsec. Historically we always had modems where we could change the IP to a site-specific value, which made accessing them from the other sites easy. Now we more and more have fiber modems with unchangeable IP (192.168.100.1), that we would like to access from other sites:
SITE A
Modem: 10.120.30.254
Pfsense: 10.120.10.254
SITE B
Modem: 192.168.100.1 (can't be changed to 10.130.30.254)
Pfsense: 10.130.10.254
In this example, we would like to reach the Modem on Site B using some kind of forwarding for the site-specific IP 10.130.30.254.
Is there a way to do this?
-
@Stee7ic
The proper way to access an additional subnet on the remote site is to add an IPSec phase 2 on both endpoints to connect local LAN with it.
However, if your goal is just to access a single IP from remote you can also go with natting an IP of an existing phase 2 to the modem's IP.
Both presume that you are already able to access the modem from the local LAN.
-
@Stee7ic So you have double NAT situation at all your sites?
As in Public IP -> Modem -> 192.168.100.1 -> pfsense -> LAN IP
So I'm assuming when you say pfsense is 10.120.10.254, that is the LAN IP?
It shouldn't matter what the pfsense WAN IP happens to be, which would be unique for each site as well (at least the public IP).
I'm assuming with double NAT that the modems are set up to do port forward of ports 500, 4500 or whatever you use for IPSec?