Topics

1

20.1 Legacy Series / IPsec with NAT setup help

« on: June 02, 2020, 06:24:30 am »

Hi,

Hope someone has gone through this and found a solution. I have spent days going over my configurations and referencing this forum and other sites trying to find a workable solution for the IPsec with NAT setup.

I've got Phase 1 working. Phase 2 and correct Outbound or 1:1 NAT is where I'm stuck.

My setup:

I have a 192.168.20.0/24

Partner remote network is  172.83.125.0/26

Because of overlapping network on the partner side, we agreed on a translated network between our sites.

My fake (translated network) is : 172.30.217.193/28


Because the fake translated network is /28, and I can't map my real network ( 192.168.20.0/24) to it 1:1.
I will need to create another subnet of my real network to create a slash 28.

For that, I created 192.168.20.0/28

My plan is to route 192.168.20.0/28 to the partner remote network (172.81.125.0/26), should be natted to 172.30.217.193/28


I have this identical setup on my Zywall router and it works. Just trying to move from my current router to OPNsense.

This is how it's setup on Zywall:

https://support.zyxel.eu/hc/en-us/articles/360001378633-How-to-setup-SNAT-in-a-VPN-tunnel

Hope i can find some help here.

Thanks,

~Richard