20.1 Legacy Series / IPsec with NAT setup help
« on: June 02, 2020, 06:24:30 am »
Hi,
Hope someone has gone through this and found a solution. I have spent days going over my configurations and referencing this forum and other sites trying to find a workable solution for the IPsec with NAT setup.
I've got Phase 1 working. Phase 2 and correct Outbound or 1:1 NAT is where I'm stuck.
My setup:
I have a 192.168.20.0/24
Partner remote network is 172.83.125.0/26
Because of overlapping network on the partner side, we agreed on a translated network between our sites.
My fake (translated) network is: 172.30.217.193/28
Because the fake translated network is a /28, I can't map my real network (192.168.20.0/24) to it 1:1.
I will need to create another subnet of my real network to get a /28.
For that, I created 192.168.20.0/28
My plan is to route 192.168.20.0/28 to the partner remote network (172.81.125.0/26); it should be NATed to 172.30.217.193/28.
I have this identical setup on my Zywall router and it works. Just trying to move from my current router to OPNsense.
This is how it's set up on Zywall:
https://support.zyxel.eu/hc/en-us/articles/360001378633-How-to-setup-SNAT-in-a-VPN-tunnel
Hope I can find some help here.
Thanks,
~Richard
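The address arithmetic behind the setup in the post above, as an added example (not code from the post, from OPNsense, or from the Zyxel article): it checks that the real /28 and the agreed translated network are the same size and network-aligned, checks that the translated network does not overlap the partner's, maps individual hosts across the 1:1 translation in both directions, and prints the phase 2 traffic selector the tunnel should carry (the translated network, not the real one). Note that 172.30.217.193/28 as typed has host bits set; the aligned network is 172.30.217.192/28, which the example reports. The post gives the partner network in two spellings; the example uses 172.83.125.0/26. The selector key names and all function names are this example's own assumptions.

```python
import ipaddress

# Values as written in the post (constructed input for this example).
REAL_NET = "192.168.20.0/28"          # slice of the real LAN that gets translated
TRANSLATED_NET = "172.30.217.193/28"  # agreed "fake" network, copied as typed in the post
PARTNER_NET = "172.83.125.0/26"       # partner's remote network


def normalize(cidr):
    """Return (network, aligned). strict=False masks off any host bits, so
    '172.30.217.193/28' becomes 172.30.217.192/28 with aligned=False."""
    net = ipaddress.ip_network(cidr, strict=False)
    aligned = ipaddress.ip_interface(cidr).ip == net.network_address
    return net, aligned


def check_binat(real_cidr, translated_cidr, partner_cidr):
    """Validate a 1:1 (BINAT-style) mapping for use inside an IPsec tunnel.
    Returns (real, translated, partner, problems); an empty problems list
    means the phase 2 selector can be built as translated -> partner."""
    real, real_ok = normalize(real_cidr)
    fake, fake_ok = normalize(translated_cidr)
    partner, partner_ok = normalize(partner_cidr)
    problems = []
    for label, cidr, ok, net in (("real", real_cidr, real_ok, real),
                                 ("translated", translated_cidr, fake_ok, fake),
                                 ("partner", partner_cidr, partner_ok, partner)):
        if not ok:
            problems.append(f"{label} network {cidr} has host bits set; use {net}")
    if real.prefixlen != fake.prefixlen:
        problems.append("1:1 NAT needs equal-size networks "
                        f"(/{real.prefixlen} vs /{fake.prefixlen})")
    if fake.overlaps(partner):
        problems.append("translated network overlaps the partner network")
    return real, fake, partner, problems


def translate(addr, src_net, dst_net):
    """Map one host across a 1:1 translation by preserving its offset
    from the network address; works in either direction."""
    ip = ipaddress.ip_address(addr)
    if ip not in src_net:
        raise ValueError(f"{ip} is not in {src_net}")
    offset = int(ip) - int(src_net.network_address)
    return ipaddress.ip_address(int(dst_net.network_address) + offset)


def phase2_selector(translated, partner):
    """Traffic selector the tunnel should negotiate: the partner sees the
    translated network, never the real one. Key names are this example's own."""
    return {"local": str(translated), "remote": str(partner)}


if __name__ == "__main__":
    real, fake, partner, problems = check_binat(REAL_NET, TRANSLATED_NET, PARTNER_NET)
    for p in problems:
        print("warning:", p)
    print("phase 2 selector:", phase2_selector(fake, partner))
    print("192.168.20.5 appears to the partner as", translate("192.168.20.5", real, fake))
    print("reply to 172.30.217.197 is delivered to", translate("172.30.217.197", fake, real))
```

Whatever the firewall's UI calls it (1:1 NAT on the IPsec interface, or an outbound rule translating the /28 before encapsulation), the selector in phase 2 has to be the translated network; if the real 192.168.20.0/28 is left in the selector, the partner's policy will reject the traffic as not matching the agreed networks.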