Netgate Discussion Forum

    1:1 NAT within Hub and Spoke IPsec VPN setup

      chanle

      Hi,
      following situation:
      Main Location (10.1.0.0/24) has two IPsec VPN connections.
      First IPsec VPN is to a sub location (10.1.2.0/24).
      Both endpoints are pfSense (Cluster) owned and managed by us.
      Second IPsec VPN (10.100.13.0/24) is to a data centre, firewall is not owned by us, every change is complicated and very expensive.
      Now I need to get access through VPN from sub location (10.1.2.0/24) to some servers in the data centre (10.100.13.0/24).

      For testing I have done so far:
      1. created an IP alias (10.1.0.200) on firewall at main location
      2. created a 1:1 NAT
            <onetoone>
              <external>10.1.0.200</external>
              <interface>lan</interface>
              <source>
                <address>10.100.13.182</address>
              </source>
              <destination><any></any></destination>
            </onetoone>
      [tested all NAT reflection types]
      3. set proper rules (I hope so) with logging.

      Reaching the host in the data centre (10.100.13.182) by IP 10.1.0.200 from the 10.1.0.0 net is no problem, but I don't get a connection from the 10.1.2.0 network.

      Any hints or help how to resolve this issue?

      regards
      Christoph

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.