[pfSense] Fwd: Not connect ipsec vpn remote with local network different to LAN
Thanks thanks thanks Jim, it works Very thanks. I love pfsense...is the best software firewall. Bye. 2012/12/10 Jim Pingle li...@pingle.org On 12/10/2012 11:31 AM, may...@maykel.sytes.net wrote: ok, well, then only connect with cisco vpn update to pfsense 2.1? It has nothing to do with Cisco - it's the NAT+IPsec feature you need. On 2.0.x (and even 1.2.x) it connects fine to Cisco in setups that do not require NAT+IPsec. Since you require NAT+IPsec, you need 2.1. Jim ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] 1:1 NAT on pfSense 2.0.1
Make sure you set the WAN port to be able to proxy for the internal address. I made this mistake several times. From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of Marcio Merlone Sent: Tuesday, December 18, 2012 11:07 AM To: pfSense support and discussion Subject: [pfSense] 1:1 NAT on pfSense 2.0.1 Greetings, I am trying to make a dead simple 1:1 NAT from one wan address to an internal server. I was assigned the x.x.x.152/29 address for my WAN from my ISP, and designated the ip x.x.x.154 for pfsense while x.x.x.153 is its gateway. I can use pfsense as gateway for internet just fine. Now I want to open my web server to the world. I first created a virtual IP x.x.x.155/29 on the WAN interface as an IP alias, then a 1:1 NAT pointing x.x.x.155 to 10.0.0.215, which is my web server and finally created a respective firewall rule on the wan interface allowing traffic from wan to 10.0.0.215 on port 80. The same as on http://www.youtube.com/watch?v=5lMRA1ntgz8 Is that all? Have I missed something? With this setup x.x.x.155 opens up pfsense login screen and not my web server. Can anybody help me track what's wrong? Thanks and best regards. -- Marcio Merlone TI - Administrador de redes A1 Tecnologia Industrial - Unidade Corporativa Fone: +55 41 3616-3797 Cel: +55 41 9689-0036 http://www.a1.ind.br/http://www.a1.ind.br ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] 1:1 NAT on pfSense 2.0.1
Em 18-12-2012 14:08, Rawlyk, Mark (Mark) escreveu: Make sure you set the WAN port to be able to proxy for the internal address. I made this mistake several times. How is that? Sorry, I do not understand what you mean. -- Marcio Merlone ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] 1:1 NAT on pfSense 2.0.1
On 12/18/2012 10:06 AM, Marcio Merlone wrote: Greetings, I am trying to make a dead simple 1:1 NAT from one wan address to an internal server. I was assigned the x.x.x.152/29 address for my WAN from my ISP, and designated the ip x.x.x.154 for pfsense while x.x.x.153 is its gateway. I can use pfsense as gateway for internet just fine. Now I want to open my web server to the world. I first created a virtual IP x.x.x.155/29 on the WAN interface as an IP alias, then a 1:1 NAT pointing x.x.x.155 to 10.0.0.215, which is my web server and finally created a respective firewall rule on the wan interface allowing traffic from wan to 10.0.0.215 on port 80. The same as on http://www.youtube.com/watch?v=5lMRA1ntgz8 Is that all? Have I missed something? With this setup x.x.x.155 opens up pfsense login screen and not my web server. Can anybody help me track what's wrong? AFAIK there is no 1:1 NAT We bridge WAN and OPT1 and the servers set on the OPT1 port thus the servers have public IP addresses but are protected by the firewall makes sort of a DMZ with office PCs setting on the LAN PORT -- Gerald ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] 1:1 NAT on pfSense 2.0.1
Em 18-12-2012 15:39, Gerald Waugh escreveu: AFAIK there is no 1:1 NAT There is on 2.0.x. My first description of the problem was the correct setup, I may have missed something and it got working later. Thanks. -- Marcio Merlone ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] 1:1 NAT on pfSense 2.0.1
On 12/18/2012 11:56 AM, Marcio Merlone wrote: Em 18-12-2012 15:39, Gerald Waugh escreveu: AFAIK there is no 1:1 NAT There is on 2.0.x. My first description of the problem was the correct setup, I may have missed something and it got working later. Oh, I was thinking 1.2.x What was your problem? Or what did you do to get it working? -- Gerald ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] 1:1 NAT on pfSense 2.0.1
Em 18-12-2012 16:31, Gerald Waugh escreveu: On 12/18/2012 11:56 AM, Marcio Merlone wrote: Em 18-12-2012 15:39, Gerald Waugh escreveu: AFAIK there is no 1:1 NAT My first description of the problem was the correct setup, I may have missed something and it got working later. What was your problem? Or what did you do to get it working? Not sure, I guess pfsense was not default gateway for the internal server, or should have cleaned state tables. -- Marcio Merlone ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list