4. Phase 2 BINAT same subnet on remote and local point to point

Phase 2 BINAT same subnet on remote and local point to point

  • K

    Is the BINAT feature for phase to for a situation where the remote network and the local network for phase 2 in a vpn is the same?  Does it allow translating to a intermediary subnet so that VPN can still be established?

    0
  • Rebel Alliance Developer Netgate

    Yes but if both sides have the same LAN then both sides must NAT.

    Imagine a scenario where Site A and Site B have 192.168.1.1 for the LAN.

    Site A will use a fake/NAT subnet of 10.0.1.0/24, Site B will use 10.0.2.0/24

    Site A's P2 will have:
    Local: 192.168.1.0/24
    NAT/BINAT: 10.0.1.0/24
    Remote: 10.0.2.0/24

    Site B's P2 will have:
    Local: 192.168.1.0/24
    NAT/BINAT: 10.0.2.0/24
    Remote: 10.0.1.0/24

    And then to reach each other, they each use the appropriate 10.0.x.x addresses.

    0
  • K

    Thanks jimp.

    0
  • K

    So what about this situation:

    Site A:

    Using a (Interface with) subnet with 192.168.1.0/24 different network. (Not part of VPN tunnel)

    IPSEC P2 Local Subnet is 172.20.20.0/24

    Site B:

    LAN is 192.168.1.0/24

    P2 local is using this 192.168.1.0/24 subnet.

    What would be the proper way to use BINAT or is it not needed?  Will the IPSEC tunnel know to direct traffic for the 172.20.20.0/24 going to 192.168.1.0/24 through the tunnel even though there is annother interface using 192.168.1.0/24?

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy