4. IPsec to identical remote subnets

IPsec to identical remote subnets

  • W

    Hi,

    I have a pfsense 2.1.4 box with IPsec tunnels to two remote Amazon Virtual Private Cloud VPNs. Each Amazon VPN has two tunnels, so I have a total of 2 sets, 4 tunnels. The tunnels work well, but I can only get one set of tunnels work at a time. Since these two remote subnets are identical, 10.0.0.0/16 to be precise. I believe I need to have some NAT to differentiate the two sets. For example, from my LAN outgoing, 172.168.0.0/16 would proint to the first VPN, and 172.169.0.0/16 to the second VPN.

    I tried the NAT/BINAT option in the phase2 of the IPsec, but that did not work, as I believe the NAT there is for remote network to access my LAN. So that NAT is on my own LAN. What I need is a NAT on remote network.

    Is this possible? How should I do to accomplish this?

    I understand that if I can change the remote subnet of one VPC, I may be able to resolve this issue. But I don't have control on that.

    Thanks a lot for your help!

    Frank

    0
  • Rebel Alliance Developer Netgate

    It's not currently possible. You may only have one enabled at a time.

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy