IPsec to identical remote subnets
wimafrank last edited by
I have a pfSense 2.1.4 box with IPsec tunnels to two remote Amazon Virtual Private Cloud VPNs. Each Amazon VPN has two tunnels, so I have a total of 2 sets, 4 tunnels. The tunnels work well, but I can only get one set of tunnels to work at a time. Since these two remote subnets are identical (10.0.0.0/16, to be precise), I believe I need to have some NAT to differentiate the two sets. For example, from my LAN outgoing, 220.127.116.11/16 would point to the first VPN, and 18.104.22.168/16 to the second VPN.
I tried the NAT/BINAT option in phase 2 of the IPsec tunnel, but that did not work, as I believe the NAT there is for the remote network to access my LAN. So that NAT is on my own LAN. What I need is a NAT on the remote network.
Is this possible? What should I do to accomplish this?
I understand that if I could change the remote subnet of one VPC, I might be able to resolve this issue. But I don't have control over that.
Thanks a lot for your help!
It's not currently possible. You may only have one enabled at a time.