NAT problem, multiple subnets and VPN tunnel
-
I cannot get this setup to work. Either I am doing some wrong or it is just not possible.
2 pfSense, one as main router (A) och a separate one for IPSEC-tunnels (B). both running 2.1.5-RELEASE
Main router has multiple VLANs on the inside (as well as WAN and DMZ on separate NICs).
Main internal subnet is 192.168.2.0/24 (192.168.2.1 as IP).The other pfSense (tunnels) has an internal IP of 192.168.2.83 and an external IP in the DMZ.
I already have multiple tunnels up and running.
Normally we add all internal networks (VLANs on main router) to the phase 2 on each tunnel and add static routes
on the A pointing to 192.168.2.83. B also has static routes pointing to 192.168.2.1 for relevant subnets.
This works fine (no problems).Now I have a new tunnel where I cannot add all the internal nets to the tunnel since those IP-ranges already are
used on the remote site.
I have set up a new VLAN [VLAN_303] (10.215.225.0/24) on A and added static routes to B.
Remote side of the tunnel is 10.118.10.0/24The network 10.215.225.0/24 has no problem reaching 10.118.10.0/24.
But I also need clients in 192.168.2.0/24 to reach 10.118.10.0/24.
I tried to add a NAT (I am already using "AON - Advanced Outbound NAT"):
IF: VLAN_303, Source 192.168.2.0/24, Destination 10.118.10.0/24, NAT Address: 10.215.225.1But this doesn't seem to work? The traceroute just bounces the traffic between 192.168.2.1 and 192.168.2.83
and a traffic dump on the IPSEC-interface on B shows that the pings are comming from (for example) 192.168.2.50 and not
10.215.225.1."Bypass firewall rules for traffic on the same interface" is set but it didn't make any differens when
I unset this.Any thoughts?