<![CDATA[Question on IPsec Phase 2 NAT]]>

<![CDATA[Question on IPsec Phase 2 NAT]]>I read this: https://docs.netgate.com/pfsense/en/latest/vpn/ipsec/nat-with-ipsec-phase-2-networks.html

Did I understand it correctly?

If I want someone else to have an IPsec tunnel into my pfSense I can give them whatever subnet address they want, for instance 10.10.10.0/24, if I use binary 1:1 NAT?

Does that also mean that I can have several IPsec tunnels using the same subnet address, for instance 10.10.10.0/24 that I will NAT into other real IP addresses?

Example:
Link 1: IPsec tunnel connects to 10.10.10.0/24 but real IPs are 192.168.1.0/24.
Link 2: IPsec tunnel connects to 10.10.10.0/24 but real IPs are 192.168.2.0/24.

Thanks in advance!

]]>https://forum.netgate.com/topic/153267/question-on-ipsec-phase-2-natRSS for NodeSat, 14 Mar 2026 02:44:29 GMTTue, 05 May 2020 13:17:41 GMT60