Lan to Lan VPN
-
The customer requires that we connect to their network with a LAN-to-LAN VPN. They gave proper parameters and I got pfSense 1.2 to connect to their side.
Jan 28 10:54:48 racoon: [XXXXXX]: INFO: ISAKMP-SA expired XX.XX.XX.118[500]-YY.YY.YY.99[500] spi:1234567890abcdef:1234567890abcdef
Jan 28 10:53:50 racoon: [XXXXXX]: INFO: ISAKMP-SA established XX.XX.XX.118[500]-YY.YY.YY.99[500] spi:1234567890abcdef:1234567890abcdef
Jan 28 10:53:50 racoon: INFO: received Vendor ID: CISCO-UNITY
Jan 28 10:53:50 racoon: INFO: received Vendor ID: DPD
Jan 28 10:53:50 racoon: INFO: received Vendor ID: draft-ietf-ipsra-isakmp-xauth-06.txt
Jan 28 10:53:50 racoon: INFO: begin Identity Protection mode.
Jan 28 10:53:50 racoon: [XXXXXX]: INFO: respond new phase 1 negotiation: XX.XX.XX.118[500]<=>YY.YY.YY.99[500]
But I can't ping or RDP to the wanted host, and traceroute still goes to the internet and not over the VPN.
They want me to configure our local subnet to be XX.XX.XX.118, i.e. our VPN gateway IP address, and I don't understand how to NAT traffic from our private address net to their public address net.
All tests which I have done with two pfSense boxes use Class-C local nets and traffic is routed well.
Is this suggested/required configuration possible at all, or is the guy at the other end simply lacking some knowledge as well, when he states that they can't accept private class addresses as the opposite side's local LAN?
-
Can you please post a picture or diagram of what you are trying to do? Screenshots of what you have configured in pfSense would be very helpful.