Tunnel with VIP NATed to local IP
michele.zanini
I have configured an IPSEC tunnel between a pfSense 2.0 box on my side and a Cisco router on the customer's side:
My Local IP 192.168.32.100/32 <-> local pfSense (WAN 220.127.116.11)<-> remote pfSense (WAN 18.104.22.168) <-> Customer's remote IP 10.1.1.100/32
Obviously the IP addresses 22.214.171.124 and 126.96.36.199 are not the real ones.
The tunnel worked without any problem up to now.
The problem is the following. The Customer told me that their security policies no longer permit using the private networks 10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16 as remote subnets for the tunnel.
He asked me to use another public IP as remote LAN and to NAT that IP to the internal IP.
This is what he did on his side:
My remote IP <-> my pfSense <-> remote pfSense (WAN 188.8.131.52) <-> remote IP 184.108.40.206 -> NATed to IP 10.1.1.100
In other words, when I open a RDP connection to the remote IP 220.127.116.11, the connection is forwarded to 10.1.1.100.
I have one more public IP available (18.104.22.168), but I cannot figure out how to do it on my side.
Do I have to create a Virtual IP on the WAN interface for my second public IP? If so, do I have to choose "Proxy ARP" or "IP Alias"?
It seems that I cannot use the WAN interface as my Local network. In fact, if I go to the Status -> IPsec page, I am not able to start the tunnel. There is no "play" icon.
Once the tunnel is UP, how do I forward all the traffic from 22.214.171.124 to the local IP 192.168.32.100? I am very confused about which rules I have to work with (WAN, LAN, IPsec?) together with the NAT 1:1 configuration.
I have tried in many ways but without success.
Any help will be appreciated.
Thanks in advance
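The layout the post describes (an internal host hidden behind a public VIP that serves as the tunnel's local network, with a 1:1 mapping between the two) can be written out as a pf-level rule fragment. This is an added illustration by the editor, not configuration from the post or anything pfSense generates; it assumes FreeBSD's enc0 is the interface on which IPsec traffic is filtered, reuses the addresses from the post, and takes 184.108.40.206 as the customer's translated address and RDP (TCP 3389) as the only service that needs to cross the tunnel.

```pf
# Hypothetical pf fragment (editor's example, not taken from the post or pfSense).
# Assumption: IPsec traffic is filtered on FreeBSD's enc0 interface.

vip_local   = "22.214.171.124"   # public VIP on my side: the address the peer sees
host_local  = "192.168.32.100"   # internal RDP host the VIP maps to
host_remote = "184.108.40.206"   # customer's public address (their side NATs it to 10.1.1.100)

# 1:1 (binat) mapping applied on the tunnel interface only, so the private
# address never appears inside the tunnel. Phase 2 on this side must then use
# $vip_local/32 as the local network, otherwise the translated packets do not
# match the security association and are dropped.
binat on enc0 from $host_local to any -> $vip_local

# Translation happens before filtering in pf, so filter rules see the
# already-translated addresses: outbound, the source is the VIP; inbound,
# the destination is the internal host. Restrict to the one expected service.
pass out quick on enc0 inet proto tcp from $vip_local  to $host_remote port 3389
pass in  quick on enc0 inet proto tcp from $host_remote to $host_local  port 3389
```

The point worth checking on a real box is the order of operations: if the mapping is placed on the LAN or WAN interface instead of the tunnel interface, the packet is either translated too early (breaking LAN reachability) or never translated at all before encapsulation, and the peer still sees the private address its policy forbids.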