1:1 NAT within Hub and Spoke IPsec VPN setup



  • Hi,
    following situation:
    Main Location (10.1.0.0/24) has two IPsec VPN connections.
    First IPsec VPN is to a sub location (10.1.2.0/24).
    Both endpoints are pfSense (Cluster) owned and managed by us.
    Second IPsec VPN (10.100.13.0/24) is to a data centre; the firewall is not owned by us, and every change is complicated and very expensive.
    Now I need to get access through VPN from the sub location (10.1.2.0/24) to some servers in the data centre (10.100.13.0/24).

    For testing I have done so far:
    1. created an IP alias (10.1.0.200) on the firewall at the main location
    2. created a 1:1 NAT
        <onetoone>
          <external>10.1.0.200</external>
          <interface>lan</interface>
          <source>
            <address>10.100.13.182</address>
          </source>
          <destination><any></any></destination>
        </onetoone>
    [tested all NAT reflection types]
    3. set proper rules (I hope so) with logging.

    Reaching the host in the data centre (10.100.13.182) by IP 10.1.0.200 from the 10.1.0.0 net is no problem, but I don't get a connection from the 10.1.2.0 network.

    Any hints or help on how to resolve this issue?

    Regards
    Christoph
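As an added illustration (not from the post or from pfSense itself), the following simplified model traces a packet from the hub's ingress interface through the 1:1 rule to the phase 2 selectors, using the addresses from the post. It assumes that a 1:1 rule bound to "lan" only sees traffic entering on LAN, that traffic from the spoke tunnel enters on an interface called "ipsec", and that the data-centre phase 2 covers only 10.1.0.0/24 <-> 10.100.13.0/24.

```python
import ipaddress
from dataclasses import dataclass

# Constructed model of hub-side processing: 1:1 (binat) on the ingress
# interface, then phase 2 selector matching. Interface names and selector
# networks are assumptions; the addresses are those from the post.

@dataclass(frozen=True)
class OneToOne:
    interface: str   # interface the 1:1 rule is bound to
    external: str    # the IP alias clients connect to
    internal: str    # the real address behind it

@dataclass(frozen=True)
class Phase2:
    name: str
    local: str       # local selector network
    remote: str      # remote selector network

NAT_RULES = [OneToOne("lan", "10.1.0.200", "10.100.13.182")]
TUNNELS = [
    Phase2("sub-location", "10.1.0.0/24", "10.1.2.0/24"),
    Phase2("data-centre", "10.1.0.0/24", "10.100.13.0/24"),  # assumed selectors
]

def apply_binat(src, dst, ingress):
    """Rewrite dst only if a 1:1 rule bound to the ingress interface matches."""
    for rule in NAT_RULES:
        if rule.interface == ingress and dst == rule.external:
            return src, rule.internal
    return src, dst

def select_tunnel(src, dst):
    """Return the phase 2 whose selectors cover the (post-NAT) pair, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p2 in TUNNELS:
        if s in ipaddress.ip_network(p2.local) and d in ipaddress.ip_network(p2.remote):
            return p2.name
    return None

def trace(src, dst, ingress):
    """Follow a packet from the hub's ingress interface to the outbound tunnel."""
    nsrc, ndst = apply_binat(src, dst, ingress)
    return {"after_nat": (nsrc, ndst), "tunnel": select_tunnel(nsrc, ndst)}

if __name__ == "__main__":
    # Main-location client: enters on lan, 1:1 applies, data-centre phase 2 matches.
    print(trace("10.1.0.50", "10.1.0.200", "lan"))
    # Spoke client: enters via the IPsec interface, the lan-bound rule never fires,
    # and even a translated packet would keep its 10.1.2.x source, outside the selector.
    print(trace("10.1.2.50", "10.1.0.200", "ipsec"))
```

The second trace shows two separate obstacles in this model: the 1:1 rule is interface-bound, and the spoke's source network is outside the assumed data-centre selectors.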

