[SOLVED]How to exclude IPSec traffic from NAT properly



  • HI
    I configured IPSec tunnel between pfsense and ASA, and I find, that "answer" traffic from pfsense to ASA going to NAT (when I send icmp requests from ASA-side network I see only requests in packet capture, but otherside I see both packets when send ping from pfsense-side network)

    Now I have a autoconfigured rule "NAT from: LAN network to any", how to properly exclude ASA-side network from this rule?



  • SOLVED

    I forgot to add firewall rules
    firewall->rules->ipsec:
    add rule to allow traff from ASA-side to LAN