1:1 Nat over IPSec - no networks found

  • (1:1Nat) (1:1Nat)
    My network is
    Pfsense firewall

    —established IPSec VPN —

    CiscoASA (1:1Nat) (1:1Nat)
    Remote network is

    All IPSec firewall rules on my end are any any for testing

    Outbound NAT is working (set up by default), and are using the pfSense LAN as gateway and have internet access.


    Although the IPSec tunnel is connected and the logs look clean with no errors, pfsense on my end cannot ping or see any hosts on the other side.


    Ping from to
    tcpdump looking at ICMP shows pings going out to the internet and timing out. Doesn’t look like it’s using the tunnel. Seems obvious to me, since there’s no routing to , which is my next point.

    I’ve set up IPSec tunnels between two Cisco devices, and either a routing protocol or static routes were needed; otherwise the gateway doesn’t know where it is.

    I checked the routing table on the pfsense and it doesn’t show anything about the remote network of which makes sense why the pings are heading to the moon.

    Tried setting up a static route, but the only gateway options are LAN and WAN, which obviously isn’t the answer, so I thought I’d make a gateway on the other side of the tunnel for the destination networks. But basically routing is pointless when the gateway (my pfSense) can’t even see the networks anyway.

    I’m missing something and it seems silly. I can send config pics or logs as needed. Any help is appreciated. Thanks

  • Figured it out! It was a mix-up in the IPs configured in the Phase 2 network settings when using the BINAT feature.
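To show why a Phase 2 mix-up produces exactly the symptom in the first post (pings leaving via the default route with nothing in the routing table), here is an added example that is not from the thread or from the pfSense project. It is a simplified model of policy-based IPsec selection: in tunnel mode there is no route to the remote network, the kernel instead matches each packet's source and destination against the Phase 2 policies, and with BINAT the local side is presented to the peer as the translated network. All networks and the `Phase2` structure are constructed for illustration, and real pfSense internals differ in detail.

```python
"""Constructed model of Phase 2 policy matching with 1:1 BINAT (example only, not pfSense code)."""
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Phase2:
    name: str
    local: str                  # "Local Network" of the Phase 2: the real LAN behind pfSense
    remote: str                 # "Remote Network" of the Phase 2: what the peer expects to see
    binat: Optional[str] = None # "NAT/BINAT translation" network presented to the peer, or None


def binat_translate(src: IPv4Address, p2: Phase2) -> IPv4Address:
    """Map a real LAN address to its 1:1 BINAT counterpart (same host offset)."""
    if p2.binat is None:
        return src
    local, binat = ip_network(p2.local), ip_network(p2.binat)
    # 1:1 NAT is only well defined when both networks have the same size.
    if local.prefixlen != binat.prefixlen:
        raise ValueError(f"{p2.name}: BINAT network must have the same prefix length as the local network")
    offset = int(src) - int(local.network_address)
    return ip_address(int(binat.network_address) + offset)


def select_path(src_s: str, dst_s: str, phase2s: List[Phase2]) -> Tuple[str, Optional[str], str, str]:
    """Return (path, phase2 name, source as seen by the peer, reason).

    path is "ipsec" when some Phase 2 matches both ends of the flow, otherwise
    "default-route": the packet is forwarded like any other, which is what the
    tcpdump in the thread showed (ICMP leaving towards the internet).
    """
    src, dst = ip_address(src_s), ip_address(dst_s)
    source_matched = False
    for p2 in phase2s:
        if src not in ip_network(p2.local):
            continue
        source_matched = True
        translated = binat_translate(src, p2)
        if dst in ip_network(p2.remote):
            return ("ipsec", p2.name, str(translated),
                    "source in Local Network and destination in Remote Network")
    reason = ("destination is in no Phase 2 Remote Network" if source_matched
              else "source is in no Phase 2 Local Network")
    return ("default-route", None, str(src), reason)


# Constructed configurations: one correct, one with a typo in the Remote Network
# (the kind of mix-up the follow-up post describes).
GOOD = [Phase2("site-b", "192.168.1.0/24", "172.16.50.0/24", binat="10.99.1.0/24")]
TYPO = [Phase2("site-b", "192.168.1.0/24", "172.16.5.0/24", binat="10.99.1.0/24")]

if __name__ == "__main__":
    for cfg in (GOOD, TYPO):
        print(select_path("192.168.1.20", "172.16.50.5", cfg))
```

Running the block prints an `ipsec` decision for the correct configuration (the peer sees the ping coming from 10.99.1.20, the BINAT address) and a `default-route` decision for the mistyped one, with the reason naming which side of the Phase 2 failed to match. That reason is the check to make before adding static routes: a policy-based tunnel never appears in the routing table, so the only things to verify are the Local, Remote and BINAT networks on both peers.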
