Netgate Discussion Forum

    IPSEC L2L - how to publish remote WebServer

    2 Posts 2 Posters 955 Views
      maurywind

      Dear All,
      Thanks in advance for your attention.
      I'm in a situation where I have two main sites (A and B) connected via IPsec (L2L). Each site has only one LAN: [Site A: 172.17.0.0/24] and [Site B: 192.168.200.0/24], without a DMZ.
      The tunnel is up and running… all services work very well.
      Incoming Internet access is available only on site A, because site B is connected to an ISP that applies "dynamic port translation" to its customers, so I cannot apply any port forwarding directly on the WAN of site B.

      Now, for some tests, I need to allow access from the Internet to a web server located in the LAN of site B.
      So the need is for requests coming to the WAN of site A (TCP:80) to be forwarded to the LAN Site B server 192.168.200.10 (using the IPsec VPN).
      I really do this on multivendor appliances without any problem, but because I'm new to pfSense I haven't found the correct NAT I should configure on pfSense Site A... I've tried many configurations using Port Forward, Outbound NAT, Virtual IP... but without any success.
      I've looked at pflog and at every interface using tcpdump... without good results.
      Somewhere while googling I found something about my problem, and the answer was to switch NAT to Manual and configure outbound NAT on the IPsec interface (like doing a source NAT).

      From this, I understood the following logic (but I'm sure I'm in error):

      1. Do "Port forwarding" on the WAN of Site A (from the Internet to WAN site A port 80, forwarded to 192.168.200.10:80).
      2. On the IPsec interface (Site A) do a source NAT, so that the public source IP is NATed (SNAT) to a private IP of LAN A, following the VPN domain configured on the tunnel (e.g. 172.17.0.2).

      Where am I wrong?
      Thank you very much.
        cmbc

        Hello,

        Did you find a solution? I need to do the same thing.

        Thanks for the help.
