Rewrite LAN IP to access IPSEC remote site

Miro 0

Hello,
I have a pfSense WAN port connected to my router. pfSense IP is 192.168.1.120.
A provider sent me access to Ipsec VPN resources 195.80.240.0/20 that i need to access from computers in my router LAN.
The Ipsec phase 2 Local subnet is 195.80.241.80/30 - this is requirement by the vpn provider and i can not ask for change.
I configured a computer in router's LAN with IP 192.168.1.101 in windows 10 by adding static route

route -p add 195.80.240.0 mask 255.255.240.0 192.168.1.120

When i ping for example 195.80.253.78 from 192.168.1.101 the icmp packet reaches the WAN on pfSense but does not get reply.

Is it possible to forward all traffic to 195.80.240.0/20 through the tunnel and rewrite source ip 192.168.1.101 to 195.80.241.81?

I tried adding Firewall > Virtual IPs 195.80.241.81/32 on WAN interface and then from Diagnostics > Ping i can ping it fine after selecting source address 195.80.241.81 which i entered in Virtual IPs

viragomann

@Miro-0
You can do this in the IPSec phase 2.
At "NAT/BINAT translation" select address and enter the desired IP to nat the traffic.

Miro 0

@viragomann thank you for the reply. I will try it.

Miro 0

I confirm it works when i set 195.80.241.81/32 in NAT/BINAT. Thank you.