Update ipsec-s2s-binat.rst (#333)

pull/335/head
Michael 3 years ago committed by GitHub
parent 29f441555c
commit 05e0e763d8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -51,12 +51,6 @@ This allows the NAT process to speak with the Security Policy Database.
Finally we have to create NAT entries since a client in LAN A (10.0.1.10) tries to reach 192.168.2.10, but this address has to be rewritten to 10.0.2.10 on Firewall B.
.. Note::
When using multiple phase 2 entries per tunnel, NAT before IPsec is not supported due to the fact that our SP database doesn't know which entry to send the traffic to.
For more context, please refer to `setkey <https://www.freebsd.org/cgi/man.cgi?query=setkey>`__ and this `ticket <https://github.com/opnsense/core/issues/2173>`__ on GitHub
Create the rule like in the screenshot and vice versa on Firewall A:
.. image:: images/opnsense_nat_binat_ipsec.png
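Review bot: The hunk header (-51,12 +51,6) shows six lines dropped in the region of the `.. Note::` on multiple phase 2 entries, but the commit message says only "Update ipsec-s2s-binat.rst" and gives no reason. If the note is what goes away, say in the message whether the limitation (NAT before IPsec not supported with multiple phase 2 entries per tunnel) still applies. If it does, keep the warning, or at least a short form with the link to the ticket, so that a reader who follows "Create the rule like in the screenshot" with several phase 2 entries is still told the setup is unsupported.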
