Outbound NAT in IPSEC tunnel?
-
Hi,
We are running pfSense 2.0 on our site and we are trying to establish an IPsec tunnel to a partner running Cisco IOS. The problem is that the Cisco side has a requirement:
- All traffic from our side has to come from a public IP.
Meaning we have some servers on our local subnet that need to send traffic over the IPsec tunnel, but the traffic has to come from a public IP instead of the local LAN IP of the server. Is that possible with pfSense 2.0? I have done some tests with manual outbound NAT rules with the following mapping:
Interface: WAN, Source: LAN subnet, Source port: *, Destination: *, Destination port: 500, NAT Address: virtual IP (public), NAT Port: *, Static port: YES
But when I, for example, connect with RDP to a server over the IPsec tunnel, it's traffic from the LAN subnet IP of our site that is logged, not the virtual public IP.
So I'm just wondering if anyone here knows how to do this, or if it is even possible at all?
Thanks in advance
-
Maybe manual outbound NAT will help, if you set the rule with destination = the other end of the IPsec tunnel and NAT to your preferred virtual IP.
-
Hi and thanks for your answer. Your suggestion is the same as what I have tried and noted in my first post. This did not work, but maybe I haven't configured it right? This is the current manual mapping for IPsec:
-
Try to configure that one with a specific destination network, not any.
-
Tried to use the remote LAN subnet as the destination in the rule, but that did not work either. My LAN IP is still showing as the source on the other side. I tried an outbound rule just from LAN to WAN that uses the virtual IP as the NAT address, and that worked as expected: whatismyip.com showed the virtual IP instead of the real WAN IP.
Does anyone know if the same is possible at all over IPsec with pfSense?
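Editor's note, not from any poster in this thread: the difference between the two tests above comes down to which interface the pf NAT rule is attached to. A pf `nat` rule is evaluated on the interface the packet leaves through. Plain Internet traffic leaves through WAN, so the LAN-to-WAN rule matched and whatismyip.com saw the virtual IP. Traffic bound for the remote IPsec subnet is handed to the IPsec stack first; by the time pf sees it on WAN it is already an ESP packet from the firewall's WAN address to the peer, so a WAN rule with source "LAN subnet" never matches the inner packet. pfSense exposes the pre-encryption path as the `enc0` interface, which is where the translation would have to happen. The fragment below, in pf.conf syntax, shows the rule from the thread next to the form that would actually catch tunnel traffic; all addresses are placeholders and the enc0 rule is an illustration of the required placement, not a setting the pfSense 2.0 GUI offers.

```conf
# Constructed placeholders (not from the thread):
#   192.168.10.0/24  local LAN subnet
#   172.16.50.0/24   partner's subnet behind the Cisco
#   203.0.113.10     public virtual IP the partner expects to see

# Rule as tested in the thread: attached to WAN and limited to
# destination port 500. It matches only IKE negotiation (UDP 500), never
# the RDP payload, and WAN only ever sees the already-encapsulated ESP
# packet, so the inner source stays the LAN address.
nat on em0 proto udp from 192.168.10.0/24 to any port 500 -> 203.0.113.10 static-port

# Placement that translates the inner packet before encryption: pf rules
# on enc0 see tunnel traffic in cleartext, outbound before ESP is applied.
nat on enc0 from 192.168.10.0/24 to 172.16.50.0/24 -> 203.0.113.10

# Consequence for the tunnel definition: once the inner source is
# 203.0.113.10, the phase 2 local network on both peers must be
# 203.0.113.10/32, not 192.168.10.0/24, or the SA's traffic selector
# will not match and the packets are dropped rather than sent.
```

Two checks worth doing before blaming NAT: on the pfSense side, a packet capture on the IPsec (enc0) interface shows the inner source address as the peer will see it, and a mismatch between that address and the phase 2 local network explains a tunnel that negotiates but carries no traffic. Later pfSense releases (2.1 and newer) add a "NAT/BINAT translation" field to the phase 2 entry for exactly this case, which performs the enc0 translation and adjusts the selector together.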
-
beats me, i don't know
-
thanks anyway :)