On Thu, May 20, 2010 at 2:31 PM, Fuchs, Martin
<martin.fu...@trendchiller.com> wrote:
> Hi!
>
> I’ve got a question!
>
> We have the following setup:
>
>                 WAN 195.x.x.x/29 --- WAN pfSense - LAN 10.x.x.x/16
>                                                                |
>                                                     DMZ 195.x.x.x/29
>
> On pfSense WAN there is racoon enabled for IPSec-termination of our
> teleworkers.
>
> In our DMZ we have another IPSec endpoint, that shall terminate some
> connections of some remote-systems for management purposes.
>
> Now it seems as if the remote endpoint connects to some IP in the DMZ
> network (also official, external IPs), that the remote endpoint gets its
> IPSec-answers from our pfSense WAN, not the DMZ-IP.
>
> Any ideas why this might be so or is it impossible to set it up this way?
>
> Is GRE filtered out by pfSense on the WAN side if there is IPSec enabled?
>

GRE has nothing to do with IPsec.

My suspicion is you haven't disabled NAT for the publicly addressed
interface, so replies are getting translated to the WAN IP by your
outbound NAT.
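
A way to check a ruleset for the condition suspected in the reply above, as an added example that is not part of the original thread: it scans old-style pf `nat` rules and reports any that would translate traffic sourced from a publicly addressed network. The interface name `em0`, the `203.0.113.8/29` DMZ subnet and both rulesets are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges, listed explicitly: ipaddress.is_private also returns True
# for documentation ranges, which would hide the constructed example below.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Old-style pf translation rule: [no] nat on <if> ... from <src> to <dst> ...
NAT_RULE = re.compile(
    r"^\s*(?P<no>no\s+)?nat\s+on\s+(?P<ifc>\S+)\s+.*?from\s+(?P<src>\S+)\s+to\s")

def audit_nat_rules(ruleset):
    """Return (line, interface, source) for each nat rule that would rewrite
    traffic sourced from a publicly addressed IPv4 network."""
    findings, exempt = [], []
    for lineno, line in enumerate(ruleset.splitlines(), 1):
        m = NAT_RULE.match(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_network(m["src"])
        except ValueError:
            continue  # "any", macros and tables are out of scope here
        if src.version != 4 or any(src.subnet_of(p) for p in RFC1918):
            continue  # private sources are expected to be translated
        if m["no"]:
            exempt.append((m["ifc"], src))  # first match wins in pf translation
        elif not any(i == m["ifc"] and src.subnet_of(e) for i, e in exempt):
            findings.append((lineno, m["ifc"], str(src)))
    return findings

# Constructed rulesets; em0 and 203.0.113.8/29 stand in for WAN and the DMZ.
BEFORE = ("nat on em0 from 10.0.0.0/16 to any -> (em0)\n"
          "nat on em0 from 203.0.113.8/29 to any -> (em0)\n")
AFTER = ("no nat on em0 from 203.0.113.8/29 to any\n"
         "nat on em0 from 10.0.0.0/16 to any -> (em0)\n")

if __name__ == "__main__":
    for name, rules in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_nat_rules(rules))
```
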
