Netgate Discussion Forum

    Site-to-Site VPN with source NAT

    Category: IPsec
    3 Posts 2 Posters 1.2k Views
      00Bits11

      Hi there community.

      Looking for some assistance on getting traffic to pass between a pfSense and a Juniper.
      The Site-to-Site tunnel is up and running and I was able to ping from one side of the tunnel to the other.
      After implementing Source-NAT I am unable to get across the VPN and ping the other site.

      pfsense Configuration PH1:
      Mutual PSK
      Mode Main
      Preshare Key Preshared
      AES128
      SHA1
      DH group 2
      NAT Traversal Auto

      Configuration PH2:
      Tunnel IPv4
      Local Net 10.19.20.0/22
      NAT/BITNAT 10.3.8.0/22
      Remote Net 10.3.8.0/22
      AES128
      SHA1
      PFS off

      FW Rules
      eth2_LAN * * * * none

      IPsec
      eth2_LAN TCP/UDP * 10.3.8.0/22 * * none
      eth2_LAN ICMP      * 10.3.8.0/22 * * none
      10.3.8.0/22 TCP/UDP * * eth2_LAN * * none
      10.3.8.0/22 ICMP * * eth2_LAN * * none

      NAT Rules:
      Outbound: Mode AON
      1:1 IPsec 10.3.8.20/22 10.19.20.0/22 *

      Other side configuration:
      PH 1
      Remote GW: Host_IP_Address
      pre-g2-aes1128-sha

      PH 2
      Tunnel IPv4
      nopfs-esp-aes128-sha
      Proxy ID Trust-Trust 10.19.20.0/22-10.3.8.0/22

      I have attached a small diagram for more details.
      Thank you in advance for your assistance.
      Attachment: Site-to-Site.png

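The following is an added consistency check, not code from this thread or from pfSense. It models one documented pfSense behaviour: when a Phase 2 entry has a NAT/BINAT network set, pfSense negotiates that translated network, rather than the real local network, as its local traffic selector, so the translated network must be distinct from the remote network and must be what the peer's proxy ID names as its remote. The `Phase2`, `PeerProxyId` and `check_phase2` names are hypothetical; the posted values (local 10.19.20.0/22, NAT/BINAT 10.3.8.0/22, remote 10.3.8.0/22, 1:1 external 10.3.8.20/22) are taken from the post above, and the "consistent" configuration in `example_consistent()` is constructed (172.16.0.0/22 is an invented translated network) to show what a non-overlapping setup looks like.

```python
"""Sanity-check an IPsec Phase 2 that uses NAT/BINAT (hypothetical helper).

Assumption modelled here: with NAT/BINAT configured, the translated network is
the local selector actually offered to the peer. If it overlaps the remote
network, the peer cannot tell "your side" from "my side" and encrypted traffic
does not flow in both directions.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class Phase2:
    local_net: str            # real LAN behind this firewall
    remote_net: str           # LAN behind the peer
    binat_net: Optional[str]  # NAT/BINAT network, or None for no translation


@dataclass
class PeerProxyId:
    local_net: str   # what the peer calls its own network
    remote_net: str  # what the peer expects to see from us


def _net(cidr: str) -> ipaddress.IPv4Network:
    # strict=False lets a host-style entry such as 10.3.8.20/22 normalise
    # to its network address (10.3.8.0/22), as pfSense does for subnets.
    return ipaddress.ip_network(cidr, strict=False)


def effective_local_selector(p2: Phase2) -> ipaddress.IPv4Network:
    """The local network that will appear in the negotiated selector."""
    return _net(p2.binat_net or p2.local_net)


def check_phase2(p2: Phase2,
                 peer: Optional[PeerProxyId] = None,
                 one_to_one_external: Optional[str] = None) -> List[str]:
    """Return human-readable findings; an empty list means no inconsistency found."""
    findings: List[str] = []
    ours_local = effective_local_selector(p2)
    ours_remote = _net(p2.remote_net)

    # 1. The translated (or real) local network must not overlap the remote network.
    if ours_local.overlaps(ours_remote):
        findings.append(
            f"translated local network {ours_local} overlaps remote network {ours_remote}")

    # 2. The peer's proxy ID must mirror what we offer.
    if peer is not None:
        if _net(peer.remote_net) != ours_local:
            findings.append(
                f"peer expects remote {_net(peer.remote_net)} but we will offer {ours_local}")
        if _net(peer.local_net) != ours_remote:
            findings.append(
                f"peer's local {_net(peer.local_net)} does not match our remote {ours_remote}")

    # 3. A 1:1 NAT rule on the IPsec interface should use the BINAT network as its external subnet.
    if one_to_one_external is not None and p2.binat_net is not None:
        ext = _net(one_to_one_external)
        if ext != ours_local:
            findings.append(
                f"1:1 NAT external subnet {ext} differs from BINAT network {ours_local}")
    return findings


def check_posted_config() -> List[str]:
    """Values copied from the post above (pfSense side only)."""
    p2 = Phase2(local_net="10.19.20.0/22", remote_net="10.3.8.0/22", binat_net="10.3.8.0/22")
    return check_phase2(p2, one_to_one_external="10.3.8.20/22")


def example_consistent() -> List[str]:
    """Constructed configuration with a distinct translated network (172.16.0.0/22 is invented)."""
    p2 = Phase2(local_net="10.19.20.0/22", remote_net="10.3.8.0/22", binat_net="172.16.0.0/22")
    peer = PeerProxyId(local_net="10.3.8.0/22", remote_net="172.16.0.0/22")
    return check_phase2(p2, peer=peer, one_to_one_external="172.16.0.0/22")


if __name__ == "__main__":
    for name, result in (("posted", check_posted_config()), ("consistent", example_consistent())):
        print(name, "->", result or "no findings")
```

Running the posted values produces a single finding: the NAT/BINAT network 10.3.8.0/22 is identical to the remote network, so the selector pfSense offers collides with the peer's own subnet. The constructed variant shows the shape that passes: a translated network that is unique on both sides and is what the peer's proxy ID lists as its remote.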
        00Bits11

        Anyone??

          HunterWare

          I think I have the same issue as you, and figured out the problem and a semi-workaround.

          Bug/Issue with NAT 1:1 rule operation on IPsec interface
          https://forum.pfsense.org/index.php?topic=126289.0

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.