mirror of
https://github.com/opnsense/docs
synced 2024-10-30 21:20:20 +00:00
Add article for BINAT with IPSEC like in core/#440 (#12)
parent
354a99c883
commit
e13e465a4b
BIN
source/manual/how-tos/images/opnsense_nat_binat_ipsec.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 22 KiB |
18
source/manual/how-tos/ipsec-s2s-binat.rst
Normal file
@ -0,0 +1,18 @@
|
|||||||
|
===============
|
||||||
|
IPSec BINAT
|
||||||
|
===============
|
||||||
|
|
||||||
|
Assume company A has local LAN 10.0.1.0/24 and company B has local LAN 10.0.2.0/24.
|
||||||
|
Also we assume that on both sides the other networks are already in use, e.g. in company A the network 10.0.2.0/24 is used for Voice and in company B network 10.0.1.0/24 is used for Guest Wifi.
|
||||||
|
|
||||||
|
We have to define new networks for the Phase 2 with unused ones and create NAT entries to reach the final systems.
|
||||||
|
|
||||||
|
To make it easier we create a Phase with company A using 192.168.1.0/24 and company B using 192.168.2.0/24.
|
||||||
|
Now we need to add on each side the local LAN in the field "Manual SPD entries". So for company A we set 10.0.1.0/24 in the field and for B 10.0.2.0/24.
|
||||||
|
This allows the NAT process to speak with the Security Policy Database.
|
||||||
|
|
||||||
|
Finally we have to create NAT entries since a client in LAN A (10.0.1.10) tries to reach 192.168.2.10, but this address has to be rewritten to 10.0.2.10 on Firewall B.
|
||||||
|
|
||||||
|
Create the rule like in the screenshot and vice versa on Firewall A:
|
||||||
|
|
||||||
|
.. image:: images/opnsense_nat_binat_ipsec.png
|
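Review bot: The last step, "Create the rule like in the screenshot and vice versa on Firewall A:", leaves the NAT rule documented only in a binary image, so its values cannot be searched, copied or checked in a later diff. Please write the rule out in text beside the image, using the addresses the article already gives: 192.168.2.0/24 rewritten to 10.0.2.0/24 on Firewall B, and 192.168.1.0/24 to 10.0.1.0/24 on Firewall A. Two smaller points in the same file: "we create a Phase with company A" presumably means Phase 2, as in the sentence before it, and the title spells "IPSec" while the index entry added in this commit spells "IPsec". The sentence "This allows the NAT process to speak with the Security Policy Database." would also help readers more if it said what the manual SPD entry makes the firewall do with traffic from the real LAN.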
@ -66,6 +66,10 @@ IPsec Site-to-Site
|
|||||||
-----------------------
|
-----------------------
|
||||||
:doc:`how-tos/ipsec-s2s`
|
:doc:`how-tos/ipsec-s2s`
|
||||||
|
|
||||||
|
IPsec Site-to-Site with BINAT
|
||||||
|
-----------------------
|
||||||
|
:doc:`how-tos/ipsec-s2s-binat`
|
||||||
|
|
||||||
OpenVPN/SSL Road Warrior
|
OpenVPN/SSL Road Warrior
|
||||||
------------------------
|
------------------------
|
||||||
:doc:`how-tos/sslvpn_client`
|
:doc:`how-tos/sslvpn_client`
|
||||||
|
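Review bot: The underline added beneath "IPsec Site-to-Site with BINAT" is shorter than the title: it is the same length as the underline of the section above, while the new title is 29 characters long. reStructuredText requires a section underline at least as long as the title text, so this will produce a "Title underline too short" warning in the Sphinx build. Extend the dashes to 29 or more.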