Netgate Discussion Forum

    IPSec VPN - NAT to DMZ host

      StefanK

      Hi,

      I'm fairly new with pfSense but got most of the stuff I need working.
      Now 1 item is giving me a headache and I hope someone can help.

      I got a VPN from Home (Cisco cable modem with IPSec) to my Office (pfSense 2.1), which is working.
      At the Office, I got a LAN and DMZ configured.
      Locally at the Office everything works, I made a NAT rule from LAN to DMZ which is working.
      Now, the problem is that the NAT rule does not work over VPN, I cannot access the server over VPN in my DMZ.

      I tried to create a 2nd NAT rule on the IPSec interface but that won't fix the problem (I checked firewall rules, they are created fine and the same works for the NAT rule from LAN to DMZ).

      So basically, what it comes down to, this works:
      LAN 192.168.137.x NAT rule for 192.168.137.200 to 192.168.22.50 (DMZ)

      What I need is this:
      IPSec Home -> Office LAN NAT > DMZ

        mattb253

        You may need to add a second phase 2 entry for your IPsec tunnel that enables routing to that subnet.

        Screenshots of your IPsec configuration from the pfSense side?

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.