From: Chris Buechler [mailto:cbuech...@gmail.com]
Sent: Monday, July 19, 2010 23:05
To: support@pfsense.com
Subject: Re: [pfSense Support] NAT over VPN

On Mon, Jul 19, 2010 at 1:04 PM, Matthias Niggemeier <m...@thias.de> wrote:
>> Hi there,
>> I have to configure IPSec to a customer's site using pfSense 1.2.3. Normally
>> not a big problem, but this is the first time I need to do NAT over VPN;
>> i.e. the customer gives us only one IP address for the gateway, the rest has
>> to be natted behind this.
>> As I searched through the list, I found that this is not possible with
>> pfSense. (still true?)

> Yes. The only option, if you must use IPsec (OpenVPN can NAT no
> problem), is to add a second firewall. It can be pfSense, usually when
> we set this up we use a VM inside the network which handles the NAT,
> then the primary firewall handles the IPsec. You just can't do both on
> the same system because of the way IPsec processing functions in
> FreeBSD.

Hm, the solution with pfSense in a VM would be fine. But the routing is a bit unclear to me.

The NAT IP the customer gave me has to be put in the local subnet field (single host); let's say 188.120.55.55.

How would I configure the second pfSense? My local subnet is 192.168.1.0, the customer's net is, let's say, 172.16.1.0. So would I add the route to 172.16.1.0? It has to go through the second pfSense, but with which target address?

Regards
Matthias