Netgate Discussion Forum
    NAT and IPsec Issue

    2.1 Snapshot Feedback and Problems - RETIRED

      Rezho.CL

      Hi all!

      I'm running a pfSense 2.1-RC1 (i386) snapshot built on Sun Aug 25 23:40:01 EDT 2013.

      I'm working on a site-to-site VPN with IPsec and have some trouble getting the connection up in phase 2.
      My customer is asking me to masquerade all the traffic from my network behind a single IP address.

      10.10.13.0/24 -> 10.10.13.100 -> VPN -> x.x.x.x

      The remote side has a rule which only accepts traffic from the IP 10.10.13.100.

      I was trying to do NAT before IPsec in the phase 2 configuration, like this:

      Local network: 10.10.13.0/24

      Local address: 10.10.13.100/32

      Remote address: x.x.x.x/32

      When I check the IPsec status, the SPD shows this:

      Source          Destination
      200.10.8.144    10.10.13.100    >
      10.10.13.0/24   200.10.8.144    <

      And I'm getting this error in the log, and I cannot bring up that phase 2:

      "Aug 29 02:06:55 racoon: [Site-Site]: [RemotePublicAddress] ERROR: notification NO-PROPOSAL-CHOSEN received in informational exchange.
      Aug 29 02:06:55 racoon: [Site-Site]: [RemotePublicAddress] ERROR: error message: '>`N'."

      For the record, I was trying different configurations of the IPsec service, and at some point I got this message:

      08-28-13 23:23:08 [ There were error(s) loading the rules: /tmp/rules.debug:66: binat source mask and redirect mask must be the same - The line in question reads [66]: binat on enc0 from 10.10.13.0/24 to x.x.x.x/32 -> 10.10.13.100/32]

      and lost all connectivity to the outside.

      Sorry for my poor English. If anyone could help me with this, it would be great! Thanks!

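Added illustration (not part of the original post, and not pfSense's own generated ruleset): the pf rule quoted in the rules.debug error above, beside the many-to-one form that pf accepts. `binat` is a 1:1 bidirectional mapping, so the source prefix length and the translation prefix length must be identical, which is exactly what the "binat source mask and redirect mask must be the same" error says; translating a whole /24 to one address is a `nat` (many-to-one) rule. The interface and addresses are taken from the post, and x.x.x.x stands for the remote network as in the post, so the fragment is not parseable as-is by pfctl until that placeholder is replaced.

```pf
# Rejected by pfctl: binat is a 1:1 mapping, so a /24 source cannot be paired
# with a /32 translation address (masks must match).
binat on enc0 from 10.10.13.0/24 to x.x.x.x/32 -> 10.10.13.100/32

# Many-to-one: every host in 10.10.13.0/24 leaves enc0 as 10.10.13.100.
# This is outbound only; the far end cannot initiate connections to
# individual hosts behind 10.10.13.100.
nat on enc0 from 10.10.13.0/24 to x.x.x.x/32 -> 10.10.13.100
```

With the many-to-one form, the phase 2 selector negotiated with the peer should be the translated address 10.10.13.100/32 rather than 10.10.13.0/24, since that is the only source the remote filter accepts; if the peer is offered a selector it has no matching policy for, it answers with NO-PROPOSAL-CHOSEN in an informational exchange, as in the racoon log above.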
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.