Allowing / Denying traffic from / to IPsec VPN Site-to-Site with NAT/BINAT configured.



  • Hi everyone,

    I have an IPsec VPN Site-to-Site with NAT (NAT/BINAT translation) and I have some doubts.

    The scheme is:

    LAN -- My Site -- WAN <---- (VPN IPsec) ----> WAN -- Remote Site -- LAN

    The Remote Site is insecure for me and I want to control the traffic in My Site from / to the Remote Site.

    Where do I need to add the rule to control the traffic from my LAN to the Remote Site LAN, considering that I have configured NAT/BINAT translation in My Site?

    Where do I need to add the rule to control the traffic from the Remote Site LAN to my LAN, considering that I have configured NAT/BINAT translation in My Site?

    Best regards,

    Ramses


  • Rebel Alliance Developer Netgate

    NAT does not affect where the rules go.

    Rules for traffic originating from your LAN go on the LAN tab.

    Rules for traffic originating from the remote site over IPsec go on the IPsec tab.

