Title: Virtual IP as IPsec Destination possible?
Post by: pakroby on Wednesday 02 September 2009, 08:02:32 am

I want to set up an IPsec tunnel so that the local network that is routed to the remote network is one of my internet IP addresses. This is to avoid conflicts with common private IP ranges. Once that is working I plan to PAT/NAT the traffic to its actual destination. I have never had a problem implementing this on my SonicWALL 3060, so I assumed that it would not be too difficult to accomplish on Endian. It looks like I was wrong.
I have a Virtual IP, or VIP, of X.X.X.77 configured on my WAN interface. This is also configured as my local network destination for an IPsec tunnel. I also have a Source NAT rule set up so that all traffic destined to 192.168.99.0/24, the IPsec remote network, will be translated to come from my VIP of X.X.X.77. In theory this should work.

The tunnel is configured and it comes up. Traffic from my remote network has no problem making it to my local network, but I am unable to send any traffic from inside my Endian LAN to the remote IPsec network. As a troubleshooting step, I have deactivated both the outbound firewall and the inter-zone firewall, but this has not helped. I have also set up a sniffer listening to the internet switch that the Endian firewall is connected to. I do not see any traffic leaving X.X.X.77 or destined to 192.168.99.0/24.

Is what I am trying to do even possible in Endian, or is this a limitation? Any advice would be much appreciated.

Thank you,
pakroby