    How to configure binat for a VPN tunnel?

      ttblum last edited by

      Hello,

      I have a lot of branch offices with the same subnet addresses configured that I need to interconnect to me via VPN tunnels.  I don't think my Cisco PIX 535 endpoint would be able to tell them apart if I did not binat these subnets to be unique from each other.

      So, I need to set up IPSec VPN tunnels where the remote network (e.g. 172.16.10.0/24) addresses my local network (e.g. 192.168.1.0/24) as a different subnet (e.g. 192.168.74.0/24).  My local network should be able to address the remote network as well.  What is the best way to do this?  I am running the embedded nanobsd version '1.2.3-RELEASE'.

      Thanks,

      Todd

        jimp Rebel Alliance Developer Netgate last edited by

        You can't do NAT+IPsec on pfSense 1.2.3. You can do it on 2.0, however.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          ttblum last edited by

          Hi,

          OK, thanks.  Assuming the current 2.0 is OK for a production gateway VPN/NAT router?

          Thanks,

          Todd

            jimp Rebel Alliance Developer Netgate last edited by

            It's still BETA (BETA5 actually) and there are a couple of issues that some people hit in the last few weeks that are problematic.

            I'd say it's worth trying as a proof of concept but I would hesitate to put a current snapshot into production as-is for the moment.
