4. IPSEC is connected but one-way traffic - NAT problem

IPSEC is connected but one-way traffic - NAT problem

  • V

    I have upgraded both hardware and pfSense software to 2.1.4 - and I took the opportunity to do a fresh config from scratch to clear out loads of cruft that had accumulated.  But now I'm not recreating the IPSEC VPN entirely correctly for some reason.

    my setup:

    LAN 192.168.1.1 <–> pfsense wan 75.nn.nn.nn <--> internet <--> datacenter IPSec <--> VM Server 192.168.2.1

    Note that data center / VM provider manages IPSec on their end, and all this was working before I changed my side of the equation.

    My IPSec configuration appears to be OK, and tunnel established, etc.  Datacenter tech confirms he is showing UP/UP on his side also.  Traffic originating at datacenter can route to LAN OK - i.e., from 192.168.2.1, I can fetch a webpage hosted on 192.168.1.100.

    However, reverse traffic is not working.

    Datacenter tech advises that all the request from my side of the tunnel are dropping because they originate at 75.nn.nn.nn, instead of a 192.168.1.n address.

    So, I am NAT'ing when I should not be - or rather, I am NAT'ing to the wrong interface address (pfSense public IP) instead of using PFSense LAN.

    Any help?  Thanks!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy