Is it possible to tunnel an outside IP through the IPSec on pfSense? I've had the following configuration on my PIX:

Remote side:
Tunnel target was public address X.X.2.67
Tunnel gateway was public address X.X.102.135

Local side:
Tunnel gateway (Cisco PIX): public address Y.Y.75.186
Tunnel target: public address Y.Y.75.190, redirected statically from inside 192.168.6.190.

This was done because my inside network addresses would overlap with the subnet configured on the remote device. It worked pretty well, although the setup was a little counterintuitive for me.

I've tried to replicate this setup with pfSense and the tunnel starts fine, but the inside host 192.168.6.190 (NATed 1:1 and with Virtual IP) doesn't use the channel when contacting the remote address X.X.2.67...

Below is a stripped configuration from PIX...

Regards
Jan

name X.X.96.67 Plus2
name X.X.X.190 IPSecZewn
access-list ipsec-pogram permit ip host IPSecZewn host Plus1
access-list ipsec-pogram permit ip host IPSecZewn host Plus2
access-list ipsec-pogram permit ip host IPSecZewn host Plus3
static (inside,outside) IPSecZewn Serwer1_190 netmask 255.255.255.255 0 0
static (inside,outside) X.X.X.184 Serwer1_184 netmask 255.255.255.255 0 0
crypto ipsec transform-set plus-3des-sha esp-3des esp-sha-hmac
crypto map internet 820 ipsec-isakmp
crypto map internet 820 match address ipsec-pogram
crypto map internet 820 set pfs group2
crypto map internet 820 set peer X.X.102.235
crypto map internet 820 set transform-set plus-3des-sha
isakmp enable outside
isakmp key ******* address X.X.102.235 netmask 255.255.255.255 no-xauth no-config-mode
isakmp identity address
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption des
isakmp policy 10 hash md5
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 20 authentication pre-share
isakmp policy 20 encryption 3des
isakmp policy 20 hash md5
isakmp policy 20 group 2
isakmp policy 20 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption 3des
isakmp policy 30 hash sha
isakmp policy 30 group 2
isakmp policy 30 lifetime 86400
