Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    1:1 NAT / Port Forward Over Site-Site VPN

    Scheduled Pinned Locked Moved NAT
    2 Posts 2 Posters 750 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tidus
      last edited by

      I have been having trouble to achieve the following.

      Site A:
      WAN IP: 1.1.1.1 (1.1.1.2 - 1.1.1.4)
      LAN IP: 10.10.10.1

      Site B:
      WAN IP: 2.2.2.2
      LAN IP: 10.10.20.1

      Site A and Site B has been setup with IPSec

      is it possible, that I can forward the traffic going to Site A (1.1.1.2) to a server inside Site B (eg. 10.10.20.55)

      Internet –> (Site A) 1.1.1.2 --> (Site B) 10.10.20.55

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        That isn't possible with IPsec, unless on the Phase 2, the site A side is defined as 0.0.0.0/0 to send all traffic back over IPsec (at least from a source of 10.10.20.55)

        It's possible with OpenVPN and has been described several times around the forum and mailing list. It requires assigning the OpenVPN interface and moving some rules around but it works fine.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.