1:1 NAT within Hub and Spoke IPsec VPN setup
Hi,
following situation:
Main Location (10.1.0.0/24) has two IPsec VPN connections.
First IPsec VPN is to a sub location (10.1.2.0/24).
Both endpoints are pfSense (Cluster) owned and managed by us.
Second IPsec VPN (10.100.13.0/24) is to a data centre; the firewall is not owned by us, and every change is complicated and very expensive.
Now I need to get access through VPN from the sub location (10.1.2.0/24) to some servers in the data centre (10.100.13.0/24).
For testing I have done so far:
1. created an IP alias (10.1.0.200) on firewall at main location
2. created a 1:1 NAT
<onetoone>
  <external>10.1.0.200</external>
  <interface>lan</interface>
  <source><address>10.100.13.182</address></source>
  <destination><any></any></destination>
</onetoone>
[tested all NAT reflection types]
3. set proper rules (I hope so) with logging.
Reaching the host in the data centre (10.100.13.182) by IP 10.1.0.200 from the 10.1.0.0 net is no problem, but I don't get a connection from the 10.1.2.0 network.
Any hints or help on how to resolve this issue?
Regards
Christoph