Possible to translate incoming IPSEC addresses to router or network address(es)?



  • I have a working IPSEC between client and pfsense that can access the lan and browse via IPSEC:
    IPSEC client              pfsense                lan
    10.224.10.1-x  ->  10.224.1.2  ->  10.224.1.0

    The IPSEC client is seen on the lan as 10.224.10.#, but due to a restriction, I need them translated to either the router (10.224.1.2, old router does this) or preferably to a pool of local lan addresses. I tried using the nat/binat many different ways (subnet/single address, etc) but it never changed the IPSEC address. I tried other things I found but no luck.

    My questions are: Is either of these possible with pfsense? If so, can someone point me in the right direction? I obviously am missing something important.

