On 5/26/2016 2:09 PM, Rosen Iliev wrote: > The other end has a conflict with our LAN addressing(192.168.1.0/24). > So in phase 2, we setup a Tunnel IPv4 using 193.168.1.0/24 for the > local Network. NAT/BINAT network of 192.168.85.0/24. Their remote > network is 192.168.75.0/24.
It's probably best to remove the conflict instead of perform the NAT. I appreciate that re-addressing your network could be impractical though. If the remote side is using 192.168.1/24 and you are using that same space, it doesn't seem like using a sonicwall will make the situation any better. Where exactly are you looking with 'pfSense's packet capture tool'? Are you looking on the ipsec tunnel or on your 192.168.1/24 interface? Can the far end folks be more explicit about the failure mode? Perhaps they could indicate exactly what response they get to the ICMP echo request? I would think you would need another private net for the tunnel, something like this: http://www.cisco.com/c/en/us/support/docs/security-vpn/ipsec-negotiation-ike -protocols/14143-same-ip.html _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
