IPSec with subnet natting
For one of our customers we should set up a new IPSec VPN tunnel.
The goal is simple, but the configuration looks a bit confusing.
Our subnet: 10.124.29.0/24
Remote subnet: 10.240.0.0/12
Till here, no problems.
But the customer site has a policy that they cannot route a 10.124.29.0/24. They have to use a /24 in the 10.150.0.0/16 set.
So we have been assigned 10.150.33.0/24.
Phase II, our side:
our subnet: 10.150.33.0/24
remote subnet: 10.240.0.0/12
Phase II, customer side:
our subnet: 10.240.0.0/12
remote subnet: 10.150.33.0/24
We should manage to NAT the whole subnet from 10.150.33.0/24 to 10.124.29.0/24.
Is this possible? How can this be done?
Use the Virtual IP option? And do a 1:1 and outbound NAT?
Attached: Visio PDF to clear things up.
Maybe this can be done with virtual IPs and manual outbound NAT.
Lack of NAT before IPsec is one of the known limitations of pfSense …
Check the 2009 discussion here: http://freebsd.1045724.n5.nabble.com/IPSec-nat-on-enc-device-td4023490.html
:P Of course I forgot this... then you must have two devices (one doing NATting and another doing VPN) or think of another solution.
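
Added example, not part of the original thread and not pfSense code: a small Python model of the 1:1 subnet mapping asked about above, showing why the translation has to happen before the phase 2 selector is evaluated. The function names and the sample packets are assumptions made for illustration; the subnets are the ones given in the thread.

```python
import ipaddress

# Subnets taken from the thread.
LOCAL_REAL = ipaddress.ip_network("10.124.29.0/24")   # what the LAN really uses
LOCAL_NAT = ipaddress.ip_network("10.150.33.0/24")    # what the customer will route
REMOTE = ipaddress.ip_network("10.240.0.0/12")        # customer side


def netmap(addr, src_net, dst_net):
    """1:1 prefix translation: replace the network bits, keep the host bits."""
    addr = ipaddress.ip_address(addr)
    if src_net.prefixlen != dst_net.prefixlen:
        raise ValueError("1:1 NAT needs equal prefix lengths")
    if addr not in src_net:
        return addr  # outside the mapped range: left untouched
    host_bits = int(addr) & int(src_net.hostmask)
    return ipaddress.ip_address(int(dst_net.network_address) | host_bits)


def matches_phase2(src, dst):
    """True if the packet matches the phase 2 selector pair
    (10.150.33.0/24 -> 10.240.0.0/12) and is therefore sent into the tunnel."""
    return (ipaddress.ip_address(src) in LOCAL_NAT
            and ipaddress.ip_address(dst) in REMOTE)


def outbound(src, dst, nat_before_ipsec):
    """Return (source address after NAT, matched by the tunnel policy?)."""
    if nat_before_ipsec and ipaddress.ip_address(dst) in REMOTE:
        src = netmap(src, LOCAL_REAL, LOCAL_NAT)
    return str(src), matches_phase2(src, dst)


def inbound(src, dst):
    """Reverse mapping for decrypted traffic arriving from the tunnel."""
    return str(src), str(netmap(dst, LOCAL_NAT, LOCAL_REAL))


if __name__ == "__main__":
    # Constructed sample packet: a LAN host talking to a customer host.
    for nat_first in (True, False):
        print("NAT before IPsec:", nat_first,
              outbound("10.124.29.57", "10.241.8.10", nat_first))
    print("return traffic:", inbound("10.241.8.10", "10.150.33.57"))
```

Without the translation step the packet keeps its 10.124.29.x source, never matches the selector, and is not protected by the tunnel, which is the limitation the replies point to.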