OPNsense Forum

English Forums => Virtual private networks => Topic started by: wtelese on November 17, 2022, 07:47:06 pm

Title: Urgent if possible - IPSEC Nat - HELP!!
Post by: wtelese on November 17, 2022, 07:47:06 pm
Hello everyone,
I have a customer that comes to my firewall with VPN IPSEC

SITE A -> WAN 1.2.3.4 LAN 192.168.2.0/24
SITE B -> WAN 4.3.2.1 LAN 172.10.50.80/28

Phase1 - OK!
Phase 2 - Customer - Site B is behind NAT and told me these parameters
REMOTE IP SITE B 4.3.2.1
PRIVATE SUBNET SITE B 172.10.50.80/28
REMOTE IP SITE A 1.2.3.4
PRIVATE SUBNET SITE A 172.10.52.80/28

In Phase 2 these are the parameters I set
LOCALNETWORK Network 172.17.52.80/28
REMOTENETWORK Network 172.17.50.80/28
Manual SPD Entries 192.168.2.0/24

Afterwards I created a One-to-One NAT
TYPE NAT
EXTERNAL NETWORK 172.17.52.80/28
SOURCE NETWORK 192.168.2.0/24
DESTINATION NETWORK 172.17.50.80/28

BUT ... IT DOES NOT WORK!!

In the log the error is

Quote
traffic selectors 172.17.52.80/28 === 172.17.50.192/28 unacceptable

What am I doing wrong? Which parameter is wrong?
Can you help me, please?
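
A cross-check for the error quoted in the post above, as an added example that is not part of the original post: it parses the rejected traffic-selector pair from the log line and compares each side against the Phase 2 networks and the customer's parameters exactly as they are written in the post. Reading the left selector as the local side and the right one as the remote side is an assumption, and all function and variable names are hypothetical.

```python
import ipaddress
import re

# Values copied verbatim from the post above.
PHASE2 = {"local": "172.17.52.80/28", "remote": "172.17.50.80/28"}
CUSTOMER_SHEET = {"local": "172.10.52.80/28", "remote": "172.10.50.80/28"}
LOG_LINE = "traffic selectors 172.17.52.80/28 === 172.17.50.192/28 unacceptable"

TS_RE = re.compile(r"traffic selectors (\S+) === (\S+) unacceptable")


def parse_ts_log(line):
    """Extract the rejected selector pair from an 'unacceptable' log line."""
    m = TS_RE.search(line)
    if not m:
        raise ValueError("not a traffic-selector rejection line")
    # Assumption: left of '===' is the local side, right is the remote side.
    return {"local": m.group(1), "remote": m.group(2)}


def compare(expected, observed):
    """Classify each side as 'match', 'overlap' or 'disjoint'."""
    verdicts = {}
    for side in ("local", "remote"):
        want = ipaddress.ip_network(expected[side])
        got = ipaddress.ip_network(observed[side])
        if want == got:
            verdicts[side] = "match"
        elif want.overlaps(got):
            verdicts[side] = "overlap"   # one network contains the other
        else:
            verdicts[side] = "disjoint"  # no common address at all
    return verdicts


def report():
    """Compare the log against Phase 2, and Phase 2 against the customer sheet."""
    proposed = parse_ts_log(LOG_LINE)
    return {
        "log_vs_phase2": compare(PHASE2, proposed),
        "phase2_vs_customer": compare(CUSTOMER_SHEET, PHASE2),
    }


if __name__ == "__main__":
    for check, verdicts in report().items():
        for side, verdict in verdicts.items():
            print(f"{check:20} {side:6} {verdict}")
```

A "disjoint" verdict marks a side whose two networks share no address, which is the first value to confirm with the peer.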