Site-to-Site VPN with source NAT
-
Hi there community.
Looking for some assistance on getting traffic to pass between a pfSense and a Juniper.
The Site-to-Site tunnel is up and running and I was able to ping from one side of the tunnel to the other.
After implementing Source-NAT I am unable to get across the VPN and ping the other site.

pfSense Configuration

PH1:
Mutual PSK
Mode Main
Preshared Key: Preshared
AES128
SHA1
DH group 2
NAT Traversal Auto

PH2:
Tunnel IPv4
Local Net 10.19.20.0/22
NAT/BINAT 10.3.8.0/22
Remote Net 10.3.8.0/22
AES128
SHA1
PFS off

FW Rules
eth2_LAN * * * * none

IPsec
eth2_LAN TCP/UDP * 10.3.8.0/22 * * none
eth2_LAN ICMP * 10.3.8.0/22 * * none
10.3.8.0/22 TCP/UDP * * eth2_LAN * * none
10.3.8.0/22 ICMP * * eth2_LAN * * none

NAT Rules:
Outbound: Mode AON
1:1 IPsec 10.3.8.20/22 10.19.20.0/22 *

Other side configuration:

PH 1
Remote GW: Host_IP_Address
pre-g2-aes128-sha

PH 2
Tunnel IPv4
nopfs-esp-aes128-sha
Proxy ID Trust-Trust 10.19.20.0/22-10.3.8.0/22

I have attached a small diagram for more details.
Thank you in advance for your assistance.
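A small sanity check for the setup described in the post above (added example, not part of the thread or of pfSense): it applies the 1:1 BINAT mapping to a source address, tests whether the translated flow fits the phase 2 selectors the peer is expected to see, and flags overlapping local/remote selectors. The host addresses are constructed; the networks are the ones from the post.

```python
from ipaddress import ip_address, ip_network


def binat_translate(src, local_net, nat_net):
    """1:1 (BINAT) translation: keep the host bits, swap the network prefix."""
    local, nat = ip_network(local_net), ip_network(nat_net)
    if local.prefixlen != nat.prefixlen:
        raise ValueError("1:1 NAT needs networks of equal size")
    src = ip_address(src)
    if src not in local:
        return src  # not covered by the mapping, leaves untranslated
    host_bits = int(src) - int(local.network_address)
    return ip_address(int(nat.network_address) + host_bits)


def check_flow(src, dst, local_net, nat_net, remote_net):
    """Translate src, then test the flow against the tunnel selectors.

    Returns (translated_src, matches_selectors, selectors_overlap).
    matches_selectors: translated source lies in the NAT/BINAT network that
    the peer sees as our side, and dst lies in the remote network.
    selectors_overlap: the two selectors share address space, which leaves
    the peer no unambiguous way to route return traffic.
    """
    xsrc = binat_translate(src, local_net, nat_net)
    nat, remote = ip_network(nat_net), ip_network(remote_net)
    matches = xsrc in nat and ip_address(dst) in remote
    overlap = nat.overlaps(remote)
    return str(xsrc), matches, overlap


if __name__ == "__main__":
    # Constructed hosts inside the networks from the post.
    print(check_flow("10.19.20.10", "10.3.8.50",
                     "10.19.20.0/22", "10.3.8.0/22", "10.3.8.0/22"))
```

Running it with the post's networks reports a selector overlap; swapping in a NAT network that does not collide with the remote side (for example a constructed 172.16.0.0/22) clears it.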
-
Anyone??
-
I think I have the same issue as you, and figured out the problem and a semi-workaround.
Bug/Issue with NAT 1:1 rule operation on IPsec interface
https://forum.pfsense.org/index.php?topic=126289.0