Site-to-Site VPN with source NAT

  • Hi there community.

    Looking for some assistance on getting traffic to pass between a pfSense and a Juniper.
    The Site-to-Site tunnel is up and running and I was able to ping from one side of the tunnel to the other.
    After implementing Source-NAT I am unable to get across the VPN and ping the other site.

    pfsense Configuration PH1:
    Mutual PSK
    Mode Main
    Preshare Key Preshared
    DH group 2
    NAT Traversal Auto

    Configuration PH2:
    Tunnel IPv4
    Local Net
    Remote Net
    PFS off

    FW Rules
    eth2_LAN * * * * none
    eth2_LAN TCP/UDP * * * none
    eth2_LAN ICMP * * * none
    TCP/UDP * * eth2_LAN * * none
    ICMP * * eth2_LAN * * none

    NAT Rules:
    Outbound: Mode AON
    1:1 IPsec *

    Other side configuration:
    PH 1
    Remote GW: Host_IP_Address

    PH 2
    Tunnel IPv4
    Proxy ID Trust-Trust

    I have attached a small diagram for more details.
    Thank you in advance for your assistance.
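A check worth running before chasing firewall rules, as an added example that is not part of the original post or of pfSense/Junos itself: a policy-based IPsec tunnel only encapsulates packets whose source sits inside the Phase 2 local network and whose destination sits inside the remote network (on the Juniper side, the proxy ID), and outbound NAT is applied before that selector lookup. So if a 1:1 rule on the IPsec interface rewrites the source to an address outside the Phase 2 local network, the packet never enters the tunnel, however permissive the LAN and IPsec rules are. The thread gives no addresses, so every subnet, mapping and packet below is constructed for illustration; `Phase2`, `OneToOneNat` and `tunnel_decision` are names assumed here, not pfSense or Junos objects.

```python
"""Does 1:1-NATed traffic still fit the IPsec Phase 2 selectors?

Added example, not from the thread. The post gives no addresses, so every
network, mapping and packet below is constructed for illustration only.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

IPNet = ipaddress.IPv4Network
IPAddr = ipaddress.IPv4Address


@dataclass(frozen=True)
class Phase2:
    """A policy-based IPsec SA: a pfSense Phase 2 entry or a Juniper proxy ID.

    Only a packet with src in local_net AND dst in remote_net is encapsulated;
    anything else never enters the tunnel, regardless of firewall rules.
    """
    local_net: IPNet
    remote_net: IPNet

    def encapsulates(self, src: IPAddr, dst: IPAddr) -> bool:
        """Outbound on this side: would the packet be sent through the SA?"""
        return src in self.local_net and dst in self.remote_net

    def accepts_inbound(self, src: IPAddr, dst: IPAddr) -> bool:
        """Inbound on this side: does the decrypted packet fit the selector?"""
        return dst in self.local_net and src in self.remote_net


@dataclass(frozen=True)
class OneToOneNat:
    """1:1 (BINAT) mapping of an internal subnet onto an equal-size external one,
    applied to packets leaving on the IPsec interface (an assumed model of the
    poster's '1:1 IPsec *' rule, not pfSense's implementation)."""
    internal: IPNet
    external: IPNet

    def __post_init__(self) -> None:
        if self.internal.prefixlen != self.external.prefixlen:
            raise ValueError("1:1 NAT needs equal-size subnets")

    def translate(self, src: IPAddr) -> IPAddr:
        if src not in self.internal:
            return src                      # rule does not match; unchanged
        offset = int(src) - int(self.internal.network_address)
        return IPAddr(int(self.external.network_address) + offset)


def tunnel_decision(src: str, dst: str, nat: Optional[OneToOneNat],
                    ours: Phase2, peer: Phase2) -> Tuple[str, bool, bool]:
    """Trace one packet LAN -> tunnel and return
    (source after NAT, our side encapsulates?, peer side accepts?)."""
    s, d = IPAddr(src), IPAddr(dst)
    t = nat.translate(s) if nat else s      # NAT runs before the SPD lookup
    return str(t), ours.encapsulates(t, d), peer.accepts_inbound(t, d)


# --- constructed topology (not from the thread) ---------------------------
LAN = IPNet("10.10.0.0/24")        # pfSense eth2_LAN
TRUST = IPNet("192.168.50.0/24")   # Juniper trust zone
NAT_NET = IPNet("172.16.99.0/24")  # what the LAN is 1:1-NATed to
NAT = OneToOneNat(LAN, NAT_NET)

# Selectors as the post describes them: the real LAN on both ends.
OURS_ORIG = Phase2(local_net=LAN, remote_net=TRUST)
PEER_ORIG = Phase2(local_net=TRUST, remote_net=LAN)
# Selectors rewritten for the translated network on both ends.
OURS_NAT = Phase2(local_net=NAT_NET, remote_net=TRUST)
PEER_NAT = Phase2(local_net=TRUST, remote_net=NAT_NET)


def scenarios() -> Dict[str, Tuple[str, bool, bool]]:
    """Same ping (constructed), three configurations."""
    pkt = ("10.10.0.5", "192.168.50.10")
    return {
        "no NAT, original selectors": tunnel_decision(*pkt, None, OURS_ORIG, PEER_ORIG),
        "1:1 NAT, original selectors": tunnel_decision(*pkt, NAT, OURS_ORIG, PEER_ORIG),
        "1:1 NAT, selectors use NAT net": tunnel_decision(*pkt, NAT, OURS_NAT, PEER_NAT),
    }


if __name__ == "__main__":
    for name, (tsrc, ours_ok, peer_ok) in scenarios().items():
        print(f"{name:32} src->{tsrc:14} pfSense encaps={ours_ok!s:5} peer accepts={peer_ok}")
```

The middle scenario is the shape of the symptom in the post: the tunnel is up and the LAN rules pass everything, but after NAT the source is 172.16.99.5, which matches neither the local Phase 2 network nor the Juniper's remote proxy ID, so nothing is encapsulated. The fix in the model is the third scenario, where both selectors name the translated network; pfSense exposes this in the Phase 2 entry as the NAT/BINAT translation setting, and the Juniper proxy ID must be changed to match.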

  • Anyone??

  • I think I have the same issue as you, and figured out the problem and a semi-workaround.

    Bug/Issue with NAT 1:1 rule operation on IPsec interface
