Hello,
I have what I thought would be a simple item to solve, but have been
unable to find a way to make this work with pfSense. Here's the
configuration:
remote-host (10.101.1.1)
|
remote-net (10.0.0.0/8)
|
remote-ipsec-server (11.11.11.11)
|
internet
|
pfsense (wan 22.22.22.22, lan 192.168.0.1/16)
|
local-net (192.168.0.0/16)
|
local-host (192.168.0.2)
The way IPSEC is set up is that the remote net is 10.0.0.0/8, whereas
my "local" portion is 10.100.100.80/28. What I am trying to do is to
have hosts in the local network access the remote 10.0.0.0/8 network
in the same way that they access hosts in the internet. In other
words, I want to hide them behind nat. There are no inbound
connections to the local net from the remote net, all connections
originate from the local net.
The remote IPSEC device is a Cisco. The pfSense version is 1.2-RC2.
I'm migrating to pfSense from Shorewall on Linux.
I have the IPSEC vpn configured in pfSense with local network
10.100.100.80/28, and remote network 10.0.0.0/8. I have a virtual IP
10.100.100.81 set up on the WAN interface.
I have AON enabled, and I have a NAT rule on the WAN interface for
destination 10.0.0.0/8 with NAT address 10.100.100.81.
For testing, I have a firewall rule for IPSEC that allows all packets
from the remote host (10.101.1.1) to any destination.
If I ping 10.10.1.1 from the local host, nothing happens; pfSense
does not initiate the IPSEC connection. If I ping any address in the
10.100.100.80/28 network from the remote host, the tunnel
successfully initiates. IPSEC traffic is seen between the remote
server and pfSense. Even though the tunnel is already up, ping from
the local host to the remote host still results in no traffic
whatsoever.
I cannot get pfSense to route packets destined for 10.0.0.0/8 through
the tunnel.
Can anyone suggest a way to solve this?
Thanks,
Denny
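The symptom above (tunnel never triggered by local-host traffic even though the NAT rule exists) comes down to whether the source address the IPsec policy sees is the pre-NAT 192.168.0.2 or the post-NAT 10.100.100.81, since only the latter falls inside the phase 2 local selector 10.100.100.80/28. The following is an added toy model of that selector check, not code from the post or from pfSense; the addresses are the ones Denny gives, and the two processing orders it compares are an assumption used to illustrate the point, not a statement of what pfSense 1.2 actually does.

```python
# Added example: model of IPsec phase 2 selector matching with and without
# outbound NAT applied first. Addresses come from the post; the ordering
# model is a simplification, not pfSense's real packet path.
import ipaddress

# Phase 2 selectors from the post: local 10.100.100.80/28, remote 10.0.0.0/8.
PHASE2_LOCAL = ipaddress.ip_network("10.100.100.80/28")
PHASE2_REMOTE = ipaddress.ip_network("10.0.0.0/8")

# Outbound NAT rule from the post: traffic from the LAN to 10.0.0.0/8 is
# translated to the virtual IP 10.100.100.81.
NAT_RULES = [
    {"src": ipaddress.ip_network("192.168.0.0/16"),
     "dst": ipaddress.ip_network("10.0.0.0/8"),
     "nat_src": ipaddress.ip_address("10.100.100.81")},
]

def apply_outbound_nat(src, dst):
    """Return the (possibly translated) source address for a packet src->dst."""
    for rule in NAT_RULES:
        if src in rule["src"] and dst in rule["dst"]:
            return rule["nat_src"]
    return src

def matches_phase2(src, dst):
    """True if src->dst falls inside both phase 2 selectors of the tunnel."""
    return src in PHASE2_LOCAL and dst in PHASE2_REMOTE

def tunnel_decision(src, dst, nat_before_ipsec):
    """Classify an outbound packet under one of two assumed processing orders.
    Returns 'tunnel' when the selector matches, otherwise 'cleartext', meaning
    the packet is not protected by IPsec and follows the ordinary route table."""
    src = ipaddress.ip_address(src)
    dst = ipaddress.ip_address(dst)
    checked_src = apply_outbound_nat(src, dst) if nat_before_ipsec else src
    return "tunnel" if matches_phase2(checked_src, dst) else "cleartext"

if __name__ == "__main__":
    # The post's test: local-host 192.168.0.2 pings remote-host 10.101.1.1.
    for order in (False, True):
        print("NAT before IPsec" if order else "IPsec before NAT",
              "->", tunnel_decision("192.168.0.2", "10.101.1.1", order))
```

The useful check when debugging a setup like this is therefore whether the address the policy engine evaluates is inside the local selector; a packet that fails the selector is not silently tunnelled, it is routed (or dropped) as plain traffic.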