
I have got an IPSec tunnel mapping a remote 172.x/24 network to my local 10.x/16 network.

Because I cannot change the configuration on the remote site I need to use it like this (with the 10.x/16 network).

On my local site I have got a 172.x/24 subnet with a PC which should be able to communicate with a PC in the remote 172.*/24 network. This of course does not work because it is only mapped to 10.x/16.

Is there something I can do (gateway, routing) to get it to work? Define a second subnet e.g. 10.128.80.x/24 and map it to the 172.*/24 one?

  • Sure you could use NAT to solve this, but I strongly recommend you take a step back and reexamine the situation. Using NAT here will come back to bite you. // While you’re at it, maybe also check the wording in your question. What do you mean by “map”? That’s not a term I’d use with subnets. Do you perhaps mean that the remote network has a route to your local 10.x.x.x network?
    – Daniel B
    Commented May 27 at 11:28
  • @DanielB: It's a term that is often used with NAT, though – regular NAT maps old address A to new address B, and I suspect OP is asking for what Linux calls "netmap", i.e. 1:1 mapping of one /24 to another (e.g. 10.x.y.1⇒172.x.y.1; 10.x.y.2⇒172.x.y.2); I'm not sure whether it can be done in pfSense but it would be a type of NAT rule on Linux.
    Commented May 27 at 12:31
  • I think routing is working here - accessing an address in the remote 172.x/24 network from any local 10.x/16 one is working because it is routed through the IPSec tunnel. If the IPSec tunnel used 172.x/24 instead of 10.x/16 as local subnet it might also work between local and remote 172.x/24 devices. NAT is possible in pfSense - but here e.g.:
    working: local 10.1.1.11 -> (IPSec) remote 172.1.1.10
    wanted: local 172.1.1.11 -> (IPSec) remote 172.1.1.10 (same ports)
    need e.g.: local 172.1.1.11 -> (xxx) -> "Fake" local 10.1.1.11 -> (IPSec) remote 172.1.1.10 (same ports)
    – LeifSec
    Commented May 28 at 5:31
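Added example (not from the thread or from pfSense): a small Python simulation of the 1:1 "netmap" style NAT the comments describe, where the local 172.x/24 is presented to the tunnel as a "fake" range inside 10.x/16, plus the checks a practitioner would run before configuring it: the fake range must sit inside the tunnel's local selector and must not collide with the remote side. The concrete subnets (172.1.1.0/24, 10.128.80.0/24, 10.128.0.0/16, 172.2.2.0/24) are constructed stand-ins, not the OP's real ones.

```python
import ipaddress


def netmap(addr, from_net, to_net):
    """Map addr out of from_net into to_net 1:1, keeping the host bits
    (the semantics of a Linux NETMAP rule or a pfSense 1:1 NAT entry)."""
    from_net = ipaddress.ip_network(from_net)
    to_net = ipaddress.ip_network(to_net)
    a = ipaddress.ip_address(addr)
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("1:1 mapping needs equal prefix lengths")
    if a not in from_net:
        raise ValueError(f"{a} is not in {from_net}")
    host_bits = int(a) - int(from_net.network_address)
    return ipaddress.ip_address(int(to_net.network_address) + host_bits)


def check_plan(real_local, fake_local, tunnel_local, remote):
    """List the problems with presenting real_local to the tunnel as
    fake_local; an empty list means the ranges fit the tunnel selectors."""
    real_local, fake_local, tunnel_local, remote = map(
        ipaddress.ip_network, (real_local, fake_local, tunnel_local, remote))
    problems = []
    if real_local.prefixlen != fake_local.prefixlen:
        problems.append("fake range must be the same size as the real range")
    if not fake_local.subnet_of(tunnel_local):
        problems.append(f"{fake_local} lies outside the tunnel's local "
                        f"selector {tunnel_local}, so it never enters the tunnel")
    if fake_local.overlaps(remote):
        problems.append(f"{fake_local} collides with the remote {remote}")
    if real_local.overlaps(remote):
        # The local PC would treat the remote host as on-link and ARP for it
        # instead of sending it to the gateway; the remote side then needs
        # its own distinct address as seen from the local LAN (a second 1:1 NAT).
        problems.append(f"{real_local} overlaps the remote {remote}: "
                        "remote hosts also need translated addresses")
    return problems


def translate_flow(src, dst, real_local, fake_local):
    """Outbound packet: rewrite the source into the fake range before it
    enters the tunnel. Reply packet: rewrite the fake destination back."""
    out = (str(netmap(src, real_local, fake_local)), dst)
    back = (dst, str(netmap(out[0], fake_local, real_local)))
    return out, back
```

Running `check_plan` on the thread's own example (local and remote both 172.1.1.0/24) reports the overlap, which is the case where a single 1:1 NAT is not enough.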

