4. IPSec with subnet natting

IPSec with subnet natting

  • D

    Hi all,

    for one of our customers we should setup a new IPSec VPN tunnel.
    Goal is simple, configuration looks a bit confusing.

    Our subnet: 10.124.29.0/24
    Remote subnet: 10.240.0.0/12

    Till here, no problems.
    But the customer site has a policy that they cannot route a 10.124.29.0/24. They have to use a /24 in the 10.150.0.0/16 set.
    So we have been assigned 10.150.33.0/24.

    PhaseII our side :
    our subnet: 10.150.33.0/24
    remote subnet: 10.240.0.0/12

    PhaseII cust side :
    our subnet: 10.240.0.0/12
    remote subnet: 10.150.33.0/24

    We should manage to NAT the whole subnet from 10.150.33.0/24 to 10.124.29.0/24.
    Is this possible? How can this be done?
    Use Virtual IP option? And do a 1:1 and outbound nat?

    Attached : Visio PDF to clear out things.

    Regards,
    Dieter

    0
  • M

    Maybe this can be done with virtual ip's and manual outbound nat.

    0
  • D

    Lack of NAT before IPsec is one of the known limitations of pfSense …

    Check 2009 discussion here http://freebsd.1045724.n5.nabble.com/IPSec-nat-on-enc-device-td4023490.html

    0
  • M

    :P Ofcourse I forgot this.. then you must have two devices(one doing natting and another doing vpn) or think another solutions

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy