Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - fixit

Pages: [1]

General Discussion / Re: IPSEC TUNNEL and REMOTE 1:1 NAT

« on: December 03, 2018, 09:01:19 pm »

Hello,
Thanks for your answers.
@mimugmail : Yes it is my configuration type.
I try with this configuration, but It does not works:

VPN is UP
On remote site, i have take SDP to my local network, ie: 192.168.0.0/24,
Phase2 Remote 192.168.2.0 local 10.75.10.1
I take 1:1 rule: IPsec 10.75.10.1/24 192.168.0.1/24 *
I have allowed all traffic in LAN, IPSEC interfaces.

When I ping a machine (10.75.15.18) from local site my remote site I see ping arrived in remote machine (but I don't have response):
Ping: src: 192.168.2.94 dst: 192.168.0.18

And If I ping in my remote machine the local machine (ping 192.168.2.94), it's failed too.
I think I have a problem with routes for the back route.
What is wrong ? Maybe I do add a static route ?

@bartjsmit: Nothing happens if I create NAT rules, I even get an error on which tells me that ip does not exist? Do I have to create a "LAN" network interface in order to assign NAT rules to it? A virtual ip? In this case I dont use SDP ?

Thanks for you help,

Regards,
Ben

General Discussion / Re: IPSec tunnel not working with NAT

« on: November 30, 2018, 10:51:14 am »

Hello,
I think I have same problems, do you have you found a solution ?

Regards,
Benoit

General Discussion / IPSEC TUNNEL and BINAT

« on: November 30, 2018, 10:29:09 am »

Hello,
I have a remote network 192.168.0.1 that I want to access through an IPSEC tunnel. To avoid interfering with my local network, I need to make NAT of this remote network. I think it's 1to1.
Here is a diagram to explain:
LOCAL IPSEC REMOTE
ME 192.168.2.0 <------------------> 10.75.10.0/24:192.168.0.0/24 ----

I configured the tunnel
CONF VPN REMOTE:
subnet local 10.75.10.0 remote subnet 192.168.2.0
CONF LOCAL VPN:
subnet local: 192.168.2.0 remote subnet: 10.75.10.0

I created 1: 1 NAT rules to associate the subnet 10.75.10.0 to 192.168.0.0 on the WAN interface.
I created very permissive firewall rules that allow everything on the IPSEC interface over the WAN and the LAN.

But nothing to do nothing happens.
Do you have an idea ?

Best regards,
Ben

French - Français / NAT 1:1 via tunnel ipsec

« on: November 29, 2018, 11:58:50 am »

Bonjour,
J'ai un réseau distant 192.168.0.1 que je veux pouvoir accéder via un tunnel IPSEC. Pour ne pas avoir d'interférences avec mon réseau local, j'ai besoin de faire du NAT de ce réseau distant. Je pense qu'il s'agit du 1to1.
Voilà un schéma pour expliquer
LOCAL IPSEC DISTANT
MOI 192.168.2.0 <------------------> 10.75.10.0/24:192.168.0.0/24 ----

J'ai configuré le tunnel
CONF VPN DISTANT:
subnet local 10.75.10.0 subnet distant 192.168.2.0
CONF VPN LOCAL:
subnet local: 192.168.2.0 subnet distant: 10.75.10.0

J'ai créé des règles NAT 1:1 pour associer le subnet 10.75.10.0 à 192.168.0.0 sur l'interface WAN.
J'ai créé des règles dans le firewall très permissives qui autorisent tout sur l'interface IPSEC sur le WAN et le LAN.

Mais rien à faire rien ne passe. Je me demande s'il ne manque pas quelque chose dans le NAT SORTANT.

Est-ce que quelqu'un a déjà fait quelque chose de la sorte ?

Cordialement,
Benoit

Pages: [1]