How to configure binat for a VPN tunnel?



  • Hello,

    I have a lot of branch offices with the same subnet addresses configured that I need to interconnect to me via VPN tunnels.  I don't think my Cisco PIX 535 endpoint would be able to tell them apart if I did not binat these subnets to be unique from each other.

    So, I need to set up IPsec VPN tunnels where the remote network (e.g. 172.16.10.0/24) addresses my local network (e.g. 192.168.1.0/24) as a different subnet (e.g. 192.168.74.0/24). My local network should be able to address the remote network as well. What is the best way to do this? I am running the embedded nanobsd version '1.2.3-RELEASE'.

    Thanks,

    Todd


  • Rebel Alliance Developer Netgate

    You can't do NAT+IPsec on pfSense 1.2.3. You can do it on 2.0, however.



  • Hi,

    OK, thanks.  Assuming the current 2.0 is OK for a production gateway VPN/NAT router?

    Thanks,

    Todd


  • Rebel Alliance Developer Netgate

    It's still BETA (BETA5 actually) and there are a couple of issues that some people hit in the last few weeks that are problematic.

    I'd say it's worth trying as a proof of concept but I would hesitate to put a current snapshot into production as-is for the moment.

