Tunnel with VIP NATed to local IP
michele.zanini
I have configured an IPSEC tunnel between a pfSense 2.0 box on my side and a Cisco router on the customer's side:
My Local IP 192.168.32.100/32 <-> local pfSense (WAN 22.214.171.124) <-> remote pfSense (WAN 126.96.36.199) <-> Customer's remote IP 10.1.1.100/32
Obviously the IP addresses 188.8.131.52 and 184.108.40.206 are not the real ones.
The tunnel worked without any problem up to now.
The problem is the following. The Customer told me that their security policies no longer permit using the private networks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 as remote subnets for the tunnel.
He asked me to use another public IP as remote LAN and to NAT that IP to the internal IP.
This is what he did on his side:
My remote IP <-> my pfSense <-> remote pfSense (WAN 220.127.116.11) <-> remote IP 18.104.22.168 -> NATed to IP 10.1.1.100
In other words, when I open an RDP connection to the remote IP 22.214.171.124, the connection is forwarded to 10.1.1.100.
I have one more public IP available (126.96.36.199), but I cannot figure out how to do it on my side.
Do I have to create a Virtual IP on the WAN interface for my second public IP? If so, do I have to choose "Proxy ARP" or "IP Alias"?
It seems that I cannot use the WAN interface as my Local network. In fact, if I go to the Status -> IPsec page, I am not able to start the tunnel. There is no "play" icon.
Once the tunnel is UP, how do I forward all the traffic from 188.8.131.52 to the local IP 192.168.32.100? I am very confused about which rules I have to work with (WAN, LAN, IPsec?) together with the NAT 1:1 configuration.
I have tried in many ways but without success.
Any help will be appreciated.
Thanks in advance.
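The following is an added example, not from the post above and not pfSense code. It models the packet flow the post is asking for on both ends: each gateway applies a 1:1 NAT between an internal host and a public VIP, and then matches the translated packet against its phase-2 selector pair. The model assumes the translation happens before the selector is evaluated on the way out and after it on the way in (that ordering is an assumption of the model, not a statement about any particular pfSense release). The addresses are the stand-in values quoted in the post: 192.168.32.100 behind 126.96.36.199 on my side, 10.1.1.100 behind 18.104.22.168 on the customer's side. It also shows why a phase 2 whose Local Network is the LAN subnet carries nothing once the VIP is in play.

```python
import ipaddress
from dataclasses import dataclass, replace

ip = ipaddress.ip_address

# Constructed sample addresses, reusing the (already obfuscated) values quoted in the post.
MY_HOST = "192.168.32.100"     # my internal workstation
MY_VIP = "126.96.36.199"       # my spare public IP, to become the tunnel's local /32
CUST_VIP = "18.104.22.168"     # customer's public alias presented inside the tunnel
CUST_HOST = "10.1.1.100"       # customer's internal RDP host behind that alias


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address


class Gateway:
    """One tunnel endpoint: a 1:1 NAT (internal <-> public) plus a phase-2 selector pair."""

    def __init__(self, name, binat, local_net, remote_net):
        self.name = name
        self.out_map = {ip(k): ip(v) for k, v in binat.items()}   # internal -> public
        self.in_map = {v: k for k, v in self.out_map.items()}      # public -> internal
        self.local_net = ipaddress.ip_network(local_net)
        self.remote_net = ipaddress.ip_network(remote_net)

    def lan_to_tunnel(self, pkt):
        """Outbound: 1:1 NAT rewrites the source, then the phase-2 selector is checked."""
        pkt = replace(pkt, src=self.out_map.get(pkt.src, pkt.src))
        if pkt.src in self.local_net and pkt.dst in self.remote_net:
            return pkt
        raise ValueError(f"{self.name}: {pkt.src}->{pkt.dst} outside phase 2 "
                         f"{self.local_net}<->{self.remote_net}, not tunnelled")

    def tunnel_to_lan(self, pkt):
        """Inbound: the decrypted packet must match the selector, then NAT maps the VIP back."""
        if not (pkt.src in self.remote_net and pkt.dst in self.local_net):
            raise ValueError(f"{self.name}: {pkt.src}->{pkt.dst} rejected by phase 2 selector")
        return replace(pkt, dst=self.in_map.get(pkt.dst, pkt.dst))


def build_gateways(my_local_net=MY_VIP + "/32"):
    """Both ends as the post describes them; my_local_net is the phase-2 Local Network I pick."""
    mine = Gateway("my pfSense", {MY_HOST: MY_VIP}, my_local_net, CUST_VIP + "/32")
    theirs = Gateway("customer router", {CUST_HOST: CUST_VIP}, CUST_VIP + "/32", MY_VIP + "/32")
    return mine, theirs


def round_trip(my_local_net=MY_VIP + "/32"):
    """Walk one packet to the customer's alias and its reply home; return both final destinations."""
    mine, theirs = build_gateways(my_local_net)
    outbound = mine.lan_to_tunnel(Packet(ip(MY_HOST), ip(CUST_VIP)))
    delivered = theirs.tunnel_to_lan(outbound)                      # lands on 10.1.1.100
    reply = theirs.lan_to_tunnel(Packet(delivered.dst, delivered.src))
    home = mine.tunnel_to_lan(reply)                                # lands on 192.168.32.100
    return str(delivered.dst), str(home.dst)


def tunnel_carries_traffic(my_local_net):
    """True if a phase 2 whose Local Network is my_local_net carries the NATed host's traffic."""
    try:
        round_trip(my_local_net)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print(round_trip())                                   # ('10.1.1.100', '192.168.32.100')
    print(tunnel_carries_traffic("192.168.32.0/24"))      # False: the selector sees the VIP, not the LAN
    print(tunnel_carries_traffic(MY_VIP + "/32"))         # True
```

The point the model makes is that the selector on each side only ever sees public addresses: the customer's box advertises 18.104.22.168/32, mine must advertise 126.96.36.199/32, and the private hosts exist only on the LAN side of each 1:1 mapping. Whatever mechanism is used to attach the NAT to the tunnel, the phase-2 Local Network on my side has to be the VIP, and the reply path depends on the customer's remote selector being that same /32.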