4. IPsec to identical remote subnets

IPsec to identical remote subnets

  • W

    Hi,

    I have a pfsense 2.1.4 box with IPsec tunnels to two remote Amazon Virtual Private Cloud VPNs. Each Amazon VPN has two tunnels, so I have a total of 2 sets, 4 tunnels. The tunnels work well, but I can only get one set of tunnels work at a time. Since these two remote subnets are identical, 10.0.0.0/16 to be precise. I believe I need to have some NAT to differentiate the two sets. For example, from my LAN outgoing, 172.168.0.0/16 would proint to the first VPN, and 172.169.0.0/16 to the second VPN.

    I tried the NAT/BINAT option in the phase2 of the IPsec, but that did not work, as I believe the NAT there is for remote network to access my LAN. So that NAT is on my own LAN. What I need is a NAT on remote network.

    Is this possible? How should I do to accomplish this?

    I understand that if I can change the remote subnet of one VPC, I may be able to resolve this issue. But I don't have control on that.

    Thanks a lot for your help!

    Frank

    0
  • Rebel Alliance Developer Netgate

    It's not currently possible. You may only have one enabled at a time.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy