Welcome, Guest. Please login or register.
Did you miss your activation email?
Saturday 09 November 2024, 06:48:30 am

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14250 Posts in 4377 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  VPN Support
| | |-+  Virtual IP as IPsec Destination possible?
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: Virtual IP as IPsec Destination possible?  (Read 12885 times)
pakroby
Jr. Member
*
Offline Offline

Posts: 2


« on: Wednesday 02 September 2009, 08:02:32 am »

I want to set up an IPsec tunnel so that the local network that is routed to the remote network is one of my internet IP addresses.  This is to avoid conflicts with common private IP ranges.  Once that is working I plan to PAT/NAT the traffic to its actual destination.  I have never had a problem implementing this on my SonicWALL 3060, so I umed that it would not be too difficult to accomplish on Endian.  It looks like I was wrong. 

I have a Virtual IP, or VIP, of X.X.X.77 configured on my WAN interface.  This is also configured as my local network  destination for an IPsec tunnel. 
I also have a Source NAT rule set up so that all traffic destined to 192.168.99.0/24, the IPsec remote network, will be translated to come from my VIP of X.X.X.77.  In theory this should work.

The tunnel is configured and it comes up.  Traffic from my remote network has no problem making it to my local network, but I am unable to send any traffic from inside my Endian LAN to the remote IPsec network. 

As a trouble shooting step, I have deactivated both the outbound firewall and the inter-zone firewall, but this has not helped. 

I have also set up a sniffer listening to the internet switch that the Endian firewall is connected.  I do not see any traffic leaving X.X.X.77 or destined to 192.168.99.0/24. 

Is what I am trying to do even possible in Endian, or is this a limitation?  Any advice would be much appreciated. 


Thank you,
pakroby
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.031 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com