Need to appear as different subnet over IPSec VPN



  • Hello,

    I have a lot of LANs with subnet '192.168.1.0/24' that all need to connect to a LAN behind a Cisco 3005 VPN Concentrator via IPSec VPNs.  I'm wanting to save myself the trouble of having to reconfigure each LAN locally to a different subnet.  I'm assuming there's a way to configure pfSense to NAT the VPN traffic so that the '192.168.1.0' LANs can address the network behind the 3005, and the LAN behind the 3005 can address the '192.168.1.0' network as a different subnet?  Let's say the subnet behind 3005 is '172.16.1.0/24'.

    Thanks,

    Todd



  • No.

    You can do it one way, so that everything can access the 172.16.1.0/24 subnet, but not the other way.

    I'm afraid you'll need to take the hit and renumber those networks.  I'd suggest you use the 10/8 range.  Pick a /16 in that (say 10.128) and then start numbering the networks at zero (10.128.0/24).
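The numbering plan suggested in the reply above, worked through as an added example that is not part of the original thread: each site gets the next /24 from 10.128.0.0/16 starting at zero, the result is checked for overlaps with the 172.16.1.0/24 network behind the 3005, and old 192.168.1.x host addresses are carried over with the same host part. The site names and the function names are constructed for illustration.

```python
import ipaddress

SUPERNET = ipaddress.ip_network("10.128.0.0/16")   # /16 suggested in the reply
REMOTE = ipaddress.ip_network("172.16.1.0/24")     # LAN behind the 3005
OLD_LAN = ipaddress.ip_network("192.168.1.0/24")   # subnet every site uses today

def build_plan(sites, supernet=SUPERNET, reserved=(REMOTE,)):
    """Assign each site the next free /24 in supernet, starting at zero."""
    pool = (n for n in supernet.subnets(new_prefix=24)
            if not any(n.overlaps(r) for r in reserved))
    plan = {}
    for site in sites:
        if site in plan:
            raise ValueError(f"duplicate site name: {site}")
        try:
            plan[site] = next(pool)
        except StopIteration:
            raise ValueError("supernet exhausted") from None
    return plan

def renumber(host, new_net, old_net=OLD_LAN):
    """Map an old host address into new_net, keeping its host part."""
    host = ipaddress.ip_address(host)
    if host not in old_net:
        raise ValueError(f"{host} is not in {old_net}")
    offset = int(host) - int(old_net.network_address)
    return new_net.network_address + offset

def conflicts(plan, reserved=(REMOTE,)):
    """Return name pairs whose networks overlap (ambiguous over the tunnels)."""
    nets = list(plan.items()) + [("remote", r) for r in reserved]
    return [(a, b) for i, (a, na) in enumerate(nets)
            for b, nb in nets[i + 1:] if na.overlaps(nb)]

if __name__ == "__main__":
    sites = ["site-a", "site-b", "site-c"]   # constructed site names
    plan = build_plan(sites)
    for name, net in plan.items():
        print(name, net, "192.168.1.10 ->", renumber("192.168.1.10", net))
    print("conflicts:", conflicts(plan))
```

Running `conflicts` on the current layout, where every site is 192.168.1.0/24, lists every pair of sites, which is the ambiguity the renumbering removes.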



  • Is pfSense capable of binat, or bidirectional nat?

    Thanks,

    Todd



  • Yes, look under Firewall: NAT: 1:1.

