Netgate Discussion Forum

    Allowing / Denying traffic from / to IPsec VPN Site-to-Site with NAT/BINAT configured.

      ramses.sevilla

      Hi everyone,

      I have an IPsec site-to-site VPN with NAT (NAT/BINAT translation) and I have some doubts.

      The scheme is:

      LAN -- My Site -- WAN <---- (VPN IPsec) ----> WAN -- Remote Site -- LAN

      The Remote Site is insecure for me and I want to control the traffic at My Site from / to the Remote Site.

      Where do I need to add the rule to control the traffic from my LAN to the Remote Site LAN, considering that I have configured NAT/BINAT translation in My Site?

      Where do I need to add the rule to control the traffic from the Remote Site LAN to my LAN, considering that I have configured NAT/BINAT translation in My Site?

      Best regards,

      Ramses

        jimp Rebel Alliance Developer Netgate

        NAT does not affect where the rules go.

        Rules for traffic originating from your LAN go on the LAN tab.

        Rules for traffic originating from the remote site over IPsec go on the IPsec tab.
