<![CDATA[Siste-to-Site VPN with source NAT]]>Hi there community.

Looking for some assistance on getting traffic pass between a pfsense and a Juniper.
The Site-to-Site tunnel is up and running and I was able to ping from one side of the tunnel to the other.
After implementing Source-NAT I am unable to get across the VPN and ping the other site.

pfsense Configuration PH1:
Mutual PSK
Mode Main
Preshare Key Preshared
AES128
SHA1
DH group 2
NAT Traversal Auto

Configuration PH2:
Tunnel IPv4
Local Net 10.19.20.0/22
NAT/BITNAT 10.3.8.0/22
Remote Net 10.3.8.0/22
AES128
SHA1
PFS off

FW Rules
eth2_LAN * * * * none

IPsec
eth2_LAN TCP/UDP * 10.3.8.0/22 * * none
eth2_LAN ICMP      * 10.3.8.0/22 * * none
10.3.8.0/22 TCP/UDP * * eth2_LAN * * none
10.3.8.0/22 ICMP * * eth2_LAN * * none

NAT Rules:
Outbound: Mode AON
1:1 IPsec 10.3.8.20/22 10.19.20.0/22 *

Other side configuration:
PH 1
Remote GW: Host_IP_Address
pre-g2-aes1128-sha

PH 2
Tunnel IPv4
nopfs-esp-aes128-sha
Proxy ID Trust-Trust 10.19.20.0/22-10.3.8.0/22

I have attached a small diagram for more details.
Thank you in advance for your assistance.
Site-to-Site.png
Site-to-Site.png_thumb

]]>https://forum.netgate.com/topic/104762/siste-to-site-vpn-with-source-natRSS for NodeSun, 19 Apr 2026 23:41:27 GMTMon, 29 Aug 2016 21:17:41 GMT60<![CDATA[Reply to Siste-to-Site VPN with source NAT on Mon, 27 Feb 2017 16:36:59 GMT]]>I think I have the same issue as you, and figured out the problem and a semi-workaround.

Bug/Issue with NAT 1:1 rule operation on IPsec interface
https://forum.pfsense.org/index.php?topic=126289.0

]]>https://forum.netgate.com/post/682960https://forum.netgate.com/post/682960Mon, 27 Feb 2017 16:36:59 GMT<![CDATA[Reply to Siste-to-Site VPN with source NAT on Wed, 31 Aug 2016 22:22:04 GMT]]>Anyone??

]]>https://forum.netgate.com/post/647239https://forum.netgate.com/post/647239Wed, 31 Aug 2016 22:22:04 GMT