IPSec connection with NAT/BINAT translation

  • Hi,
    I need help to create an IPSec tunnel between 2 Networks.
    Remote network:
    My local network:
    It is not possible to route from the remote network into my local because this network is already in use.
    So I want to use the Network as natting-Network.
    The IPSec connection is established, but I cannot ping the host from the pfsense or ping in the other direction the whicht should be translated into>My pfsense LAN-IP

    Thats what I thought should do the natting:


    I am missing anything? Im pretty sure that I allow everthing in my Firewallrules.

    Some weeks ago I solved a similar Problem on a Sophos Firewall with 1:1 nat-Rules - maybe I understand the NAT/BINAT-Rule in pfsense IPSec wrong and have to add Rules under Firewall->NAT?

    Many thanks for your in advance,

  • @aleksunil
    show phase 2 settings on the other side of the tunnel.

  • LAYER 8 Netgate

    That looks fine.

    The other side will create a tunnel for:


    There will be a 1:1 mapping between and on your side

    If you connect from on your side they will see if coming from source on their side.

    If they connect to they will actually get on your side.

    You cannot ping the address directly because it does not actually exist on the firewall itself. It is only used for NAT through IPsec. You will have to test using traffic that is actually flowing through IPsec.

    Pinging from the other side (which will actually ping on your firewall) should work as long as it is allowed by the firewall rules on your end and you are sourcing it from something in on their end.

Log in to reply