How to configure binat for a VPN tunnel?
-
Hello,
I have a lot of branch offices with the same subnet addresses configured that I need to interconnect to me via VPN tunnels. I don't think my Cisco PIX 535 endpoint would be able to tell them apart if I did not binat these subnets to be unique from each other.
So, I need to set up IPSec VPN tunnels where the remote network (e.g. 172.16.10.0/24) addresses my local network (e.g. 192.168.1.0/24) as a different subnet (e.g. 192.168.74.0/24). My local network should be able to address the remote network as well. What is the best way to do this? I am running the embedded nanobsd version '1.2.3-RELEASE'.
Thanks,
Todd
-
You can't do NAT+IPsec on pfSense 1.2.3. You can do it on 2.0, however.
-
Hi,
OK, thanks. Assuming the current 2.0 is OK for a production gateway VPN/NAT router?
Thanks,
Todd
-
It's still BETA (BETA5 actually) and there are a couple of issues that some people hit in the last few weeks that are problematic.
I'd say it's worth trying as a proof of concept but I would hesitate to put a current snapshot into production as-is for the moment.
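-
The addressing scheme asked about in the first post, as an added example that is not part of the thread and is not pfSense code: a Python sketch of what a 1:1 (binat) mapping does to addresses, and of allotting a unique alias subnet to each branch that shares the same range. The branch names and the 192.168.0.0/16 alias pool are assumptions; it models the address arithmetic only, not firewall configuration.

```python
import ipaddress

def binat(addr, inside, outside):
    """Translate addr 1:1 from `inside` to `outside`, keeping the host bits."""
    inside = ipaddress.ip_network(str(inside))
    outside = ipaddress.ip_network(str(outside))
    addr = ipaddress.ip_address(addr)
    if inside.prefixlen != outside.prefixlen:
        raise ValueError("1:1 NAT needs networks of equal size")
    if addr not in inside:
        raise ValueError(f"{addr} is not in {inside}")
    offset = int(addr) - int(inside.network_address)
    return ipaddress.ip_address(int(outside.network_address) + offset)

def plan_aliases(sites, pool, reserved=()):
    """Allot each site a unique alias subnet of its own size from `pool`,
    skipping anything that overlaps a reserved (already routed) network."""
    pool = ipaddress.ip_network(pool)
    taken = [ipaddress.ip_network(r) for r in reserved]
    plan = {}
    for name, cidr in sorted(sites.items()):
        size = ipaddress.ip_network(cidr).prefixlen
        alias = next((c for c in pool.subnets(new_prefix=size)
                      if not any(c.overlaps(t) for t in taken)), None)
        if alias is None:
            raise RuntimeError(f"alias pool {pool} exhausted at {name}")
        taken.append(alias)
        plan[name] = alias
    return plan

# Constructed sample data: three branches that all use the same subnet.
BRANCHES = {"branch-a": "172.16.10.0/24",
            "branch-b": "172.16.10.0/24",
            "branch-c": "172.16.10.0/24"}
LOCAL_LAN = "192.168.1.0/24"   # local network from the question
PLAN = plan_aliases(BRANCHES, "192.168.0.0/16", reserved=[LOCAL_LAN])

if __name__ == "__main__":
    for name, alias in PLAN.items():
        real = BRANCHES[name]
        seen = binat("172.16.10.25", real, alias)     # head office view of a branch host
        print(f"{name}: {real} <-> {alias}  172.16.10.25 appears as {seen}")
    # Branch view of the local LAN, using the alias given in the question.
    print(binat("192.168.1.10", LOCAL_LAN, "192.168.74.0/24"))
```

The allocator skips 192.168.1.0/24 because it is already the local LAN, which is the kind of collision to check for before assigning aliases by hand.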