Wednesday, November 8, 2017

NAT through pfSense question

Hi guys

Consider this scenario if you will:

HQ Network: 192.168.10.0/24
Branch LAN Network: 192.168.20.0/24
Branch Server Network: 192.168.30.0/24

We have a site to site VPN between HQ and Branch, and both networks can communicate fine.

We need to get access to Branch Server Network from HQ. Currently, the router between the branch LAN and Server networks does not have a static route or ACLs in place to allow HQ to communicate.

I have set up a pfSense router on a VM on Branch LAN. It has one interface so far, WAN, that has a static IP on Branch LAN.

Is it possible to set up NAT such that any traffic coming from 192.168.10.0/24 will appear to be the pfSense router, which has a branch LAN IP, and would then be able to access the branch Server Network?

It seems rather trivial: I set a static route in HQ's router for Branch Server Network pointed at our VPN router on HQ side.

That VPN router sees the Branch Server Network advertised by the Branch VPN router.

The branch VPN router has a static route for the Server Network pointing to pfSense.

pfSense has a static route to the server network through the router that separates the two branch networks.

I set up an Outbound NAT rule on pfSense so any traffic from HQ will be translated to the pfSense WAN interface.

I also set up firewall rules all along the way to allow the traffic.

I can ping all the way up to HQ from pfSense, and back. I can ping the server network from the pfSense, but not from HQ or either of the VPN routers. Seems like I maybe have something misconfigured on the pfSense, but I have never used it before so I'm not so familiar with it. Will this setup work with a single NIC on pfSense? It would not allow me to have two IP addresses in the same subnet on two NICs.

What am I missing here?!
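To make the routing and NAT reasoning in the post checkable, here is an added Python model of the described path (example code written for this page, not part of the original post and not pfSense's own logic). It walks a packet and its reply hop by hop through the three networks, with and without the outbound NAT rule on pfSense. The router and host addresses (192.168.10.1, 192.168.20.1, 192.168.20.50, 192.168.20.254, 192.168.30.254, 192.168.30.10) are constructed assumptions, since the post only gives the three /24s, and the HQ router and HQ VPN router are merged into one hop.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Hop:
    addrs: list         # interface addresses of this device
    routes: dict        # prefix -> next-hop name, or "local" for on-link delivery
    snat: tuple = None  # (source prefix, translated address) for outbound NAT, or None


def build_topology(pfsense_nat=True):
    """Constructed topology for the scenario in the post (addresses are assumptions)."""
    return {
        "hq-host": Hop(["192.168.10.10"], {"0.0.0.0/0": "hq-router"}),
        # HQ router and HQ VPN router merged: static route for the server network via the VPN
        "hq-router": Hop(["192.168.10.1"], {"192.168.10.0/24": "local",
                                            "192.168.20.0/24": "branch-vpn",
                                            "192.168.30.0/24": "branch-vpn"}),
        # Branch VPN router: static route for the server network pointing at pfSense
        "branch-vpn": Hop(["192.168.20.1"], {"192.168.20.0/24": "local",
                                             "192.168.10.0/24": "hq-router",
                                             "192.168.30.0/24": "pfsense"}),
        # Single-NIC pfSense on the branch LAN; forwards back out the same interface
        "pfsense": Hop(["192.168.20.50"], {"192.168.20.0/24": "local",
                                           "192.168.10.0/24": "branch-vpn",
                                           "192.168.30.0/24": "branch-router"},
                       snat=("192.168.10.0/24", "192.168.20.50") if pfsense_nat else None),
        # Router between branch LAN and server network: no route for HQ, as in the post
        "branch-router": Hop(["192.168.20.254", "192.168.30.254"],
                             {"192.168.20.0/24": "local", "192.168.30.0/24": "local"}),
        "server": Hop(["192.168.30.10"], {"0.0.0.0/0": "branch-router"}),
    }


def owner(topo, addr):
    """Name of the device that owns an address, or None if nobody does."""
    for name, hop in topo.items():
        if addr in hop.addrs:
            return name
    return None


def next_hop(hop, dst):
    """Longest-prefix match over one device's routing table."""
    best = None
    for prefix, nh in hop.routes.items():
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return best[1] if best else None


def trace(topo, start, src, dst, state, max_hops=16):
    """Walk one packet hop by hop. Returns (path, status, src, dst) as the packet stops."""
    path, cur = [start], start
    for _ in range(max_hops):
        hop = topo[cur]
        # Reply to a flow this NAT device translated earlier: restore the original destination
        if hop.snat and (dst, src) in state:
            dst = state[(dst, src)]
        if dst in hop.addrs:
            return path, "delivered", src, dst
        nh = next_hop(hop, dst)
        if nh is None:
            return path, f"dropped at {cur}: no route to {dst}", src, dst
        # Outbound NAT: rewrite the source and remember the flow so the reply can be untranslated
        if hop.snat and ipaddress.ip_address(src) in ipaddress.ip_network(hop.snat[0]):
            state[(hop.snat[1], dst)] = src
            src = hop.snat[1]
        nxt = owner(topo, dst) if nh == "local" else nh
        if nxt is None:
            return path, f"dropped at {cur}: {dst} not on-link", src, dst
        path.append(nxt)
        cur = nxt
    return path, "dropped: hop limit exceeded", src, dst


def round_trip(pfsense_nat=True):
    """Send HQ host -> server and the server's reply; report what each direction did."""
    topo, state = build_topology(pfsense_nat), {}
    fwd_path, fwd_status, seen_src, seen_dst = trace(topo, "hq-host", "192.168.10.10", "192.168.30.10", state)
    rev_path, rev_status, _, _ = trace(topo, "server", seen_dst, seen_src, state)
    return {"forward": fwd_status, "forward_path": fwd_path, "src_seen_by_server": seen_src,
            "reply": rev_status, "reply_path": rev_path}


if __name__ == "__main__":
    for nat in (True, False):
        print("outbound NAT on pfSense:", nat)
        for key, value in round_trip(nat).items():
            print(f"  {key}: {value}")
```

Run as-is, the model shows the request reaching the server in both cases, but the reply only getting back to HQ when pfSense translates the source: without NAT the branch router has no route to 192.168.10.0/24 and drops the reply, which is exactly the gap the post describes. The model deliberately ignores firewall rules, ICMP redirects from the branch router, and pfSense's own interface defaults, so it verifies the routing and NAT logic, not the live configuration.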
