Port Forwarding and NATing over IPsec VPN



  • Hello everyone,

    in my company we have multiple sites. The problem is that we can't open the ports we want in every site. We have a central pfSense in the cloud and it's working great, giving the ability to connect all the different sites to the company. We are using IPsec 'cause of the better performance it gives. The main problem is that we want to be able to port forward some requests on the WAN interface to a remote server on a remote site over IPsec.
    We created a port forwarding rule to port forward the traffic on a specific port on the WAN interface to the remote server (and another port on that server). IPsec isn't set to permit 0.0.0.0/0 traffic, so we natted the traffic on the IPsec interface so that the traffic can be routed inside the IPsec tunnel.

    After testing, we realized that we could connect from the pfSense to the remote server and that the requests were received on the WAN interface, but they couldn't be forwarded to the remote server.

    Could you please give me any idea to resolve the problem and ensure that the port forwarding is working correctly?

    OpenVPN isn't the best solution for us, but if you have a suggestion using OpenVPN and IPsec at the same time between the two sites, it may be interesting.
    Thanks to all of you in advance.

