Hello all,

Let me preface this email by saying that I already have a working firewall (OpenRoute GT900) performing this function quite nicely.

I have a case where I need to set up an IPsec VPN to a rather large vendor that has assigned us a LAN address space of their choosing. On our side we already have a LAN IP scheme.

Our current scheme is 10.0.1.0/24
The address scheme assigned by our vendor: 10.201.8.112/28

I have additional LAN addresses set up on Windows machines.

On the OpenRoute I simply added a second LAN address to the interface and set up the route on the Windows hosts with additional interfaces to route to the vendor's IP address block (which is at the other end of the tunnel) via the second address on the LAN interface of the router.

I tried to add a virtual IP address (type: other) to the LAN interface of the pfSense box and then tried to ping it from a LAN machine that had the correct set of addresses on it, and I'm not getting any response from the pfSense box. All other boxes that have addresses assigned from 10.201.8.112/28 can ping all other hosts on the 10.201.8.112/28 subnet except the pfSense box.

I need to set up the tunnel to route from the small subnet to the protected block at the other end.

The configuration should be:

peer: public IP address of the vendor's VPN concentrator
destination route: 66.241.41.0/24
local subnet: 10.201.8.112/28
default local LAN: 10.0.1.0/24

the physical LAN is the same.

Am I doing something wrong in the pfSense config, or is pfSense not capable of this arrangement? If it's the latter, I understand and will purchase another NIC to make it happen.

Thanks in advance,
Curtis Maurand
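As an added illustration (not part of the original post or of pfSense), the small script below checks the addressing plan described above before any tunnel is built: it confirms that the existing LAN, the vendor-assigned secondary block and the remote protected block do not overlap (an overlap would make the IPsec phase-2 selectors ambiguous), derives the single local/remote selector pair the tunnel needs, lists the usable addresses in the vendor-assigned /28, and shows which of a host's addresses will actually match the tunnel policy for a given destination. The three networks are taken from the post; the host addresses and the first-usable-address gateway convention are constructed assumptions for the example.

```python
import ipaddress

# Networks taken from the post. Assumption: these are the only three networks
# involved in the tunnel policy.
LOCAL_LAN = ipaddress.ip_network("10.0.1.0/24")            # existing LAN
VENDOR_ASSIGNED = ipaddress.ip_network("10.201.8.112/28")  # vendor-assigned secondary LAN block
REMOTE_PROTECTED = ipaddress.ip_network("66.241.41.0/24")  # reached only through the tunnel


def overlapping_pairs(networks):
    """Return every pair of networks that overlap.

    Any overlap here means a phase-2 selector clash or an ambiguous route,
    so an empty list is the precondition for the rest of the plan."""
    clashes = []
    for i, a in enumerate(networks):
        for b in networks[i + 1:]:
            if a.overlaps(b):
                clashes.append((a, b))
    return clashes


def phase2_selectors(local, remote):
    """The one local/remote subnet pair the IPsec phase 2 needs for this tunnel."""
    return {"local": str(local), "remote": str(remote)}


def usable_secondary_addresses(net):
    """Host addresses in the vendor-assigned block (network and broadcast excluded)."""
    return [str(h) for h in net.hosts()]


def host_route_command(remote, gateway):
    """Constructed Windows `route add` line for a host that must reach the
    remote block via the router's secondary LAN address (assumed gateway)."""
    return "route add {} mask {} {}".format(
        remote.network_address, remote.netmask, gateway)


def choose_source(dst, host_addresses, selectors):
    """Pick the host address that matches the phase-2 local selector for dst.

    Returns None when dst is outside the remote selector, or when the host has
    no address inside the local selector: in both cases the traffic would fall
    outside the tunnel policy and follow the default route instead."""
    dst_ip = ipaddress.ip_address(dst)
    local = ipaddress.ip_network(selectors["local"])
    remote = ipaddress.ip_network(selectors["remote"])
    if dst_ip not in remote:
        return None
    for addr in host_addresses:
        if ipaddress.ip_address(addr) in local:
            return addr
    return None


if __name__ == "__main__":
    plan = [LOCAL_LAN, VENDOR_ASSIGNED, REMOTE_PROTECTED]
    assert not overlapping_pairs(plan), "addressing plan overlaps"
    sel = phase2_selectors(VENDOR_ASSIGNED, REMOTE_PROTECTED)
    secondaries = usable_secondary_addresses(VENDOR_ASSIGNED)
    print("phase 2 selectors:", sel)
    print("usable vendor-assigned addresses:", secondaries)
    # Assumption: the router takes the first usable address as its secondary LAN IP.
    print("host route:", host_route_command(REMOTE_PROTECTED, secondaries[0]))
    # Constructed dual-homed Windows host: one address on each LAN block.
    print("source used for 66.241.41.10:",
          choose_source("66.241.41.10", ["10.0.1.50", "10.201.8.120"], sel))
```

Running it shows the point the post turns on: a host that only has a 10.0.1.0/24 address gets `None` for a destination in 66.241.41.0/24, so its packets never match the tunnel's local selector, while a host that also carries a 10.201.8.112/28 address is sourced from that block and does match.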
