Netgate Discussion Forum

    Port Forwarding to a Server on the Opposite Side of an IPSec Site-to-Site VPN

      greatrocket

      Here is the image.
      NAT.png
      I want to NAT port forward from pfSense WAN 1.2.3.4:1111 to server 192.168.1.100:80.
      However, the router on the other side drops the packets due to asymmetric routing.
      So, I have to NAT to somewhere within pfSense first, and then port forward again to server 192.168.1.100.
      The question is, how can I achieve this? Or is my entire concept flawed?

        viragomann @greatrocket

        @greatrocket
        IPSec seems not to be the best choice to realize this. However, yes, you should be able to NAT (masquerade) the traffic to get the forwarding to work, which means you lose information about the origin source IP. But I would do this on the internal interface of the other site's router.

        If you want to do it on pfSense, you will have to configure this in the IPSec phase 2. But I'm not sure if this will work if you do the settings only on one site. But you can try.
        Assuming you have a policy-based phase 2 already to connect both local networks.
        At "Local Network" enter 0.0.0.0/0, at "NAT/BINAT translation" state an unused address out of the LAN. At "Remote Network" enter 192.168.1.100.
        Move this phase 2 up to the top.

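An added sketch (not from either poster, and not pfSense code) of why masquerading before the tunnel changes the return path discussed in this thread, and what it costs in source visibility. The client address, the 192.168.2.0/24 pfSense LAN and the NAT address 192.168.2.250 are assumptions; the model covers routing and state lookup only, not IPsec negotiation or NAT port collisions.

```python
import ipaddress as ip

# Only 1.2.3.4:1111 and 192.168.1.100:80 come from the thread; the rest is constructed.
WAN = ("1.2.3.4", 1111)
SERVER = ("192.168.1.100", 80)
CLIENT = ("203.0.113.50", 40000)   # constructed Internet client
NAT_ADDR = "192.168.2.250"         # assumed unused address in the pfSense LAN
# Networks the remote router sends into the tunnel (assumed pfSense LAN);
# every other destination follows its default route out of its own WAN.
REMOTE_TUNNEL_NETS = [ip.ip_network("192.168.2.0/24")]

def pfsense_forward(pkt, masquerade, states):
    """Port forward on WAN, optionally rewriting the source before the tunnel."""
    src, dst = pkt
    if dst != WAN:
        return None
    new_src = (NAT_ADDR, src[1]) if masquerade else src
    states[(SERVER, new_src)] = (WAN, src)  # reply key -> original addresses
    return (new_src, SERVER)

def remote_reply_exit(server_seen_src):
    """The remote router routes the reply on its destination address only."""
    dst = ip.ip_address(server_seen_src[0])
    return "tunnel" if any(dst in n for n in REMOTE_TUNNEL_NETS) else "wan"

def round_trip(masquerade):
    states = {}
    fwd = pfsense_forward((CLIENT, WAN), masquerade, states)
    seen_src = fwd[0]                       # peer address the server logs
    exit_if = remote_reply_exit(seen_src)
    if exit_if != "tunnel":
        # Asymmetric path: the reply heads for the remote router's own WAN
        # instead of the tunnel; the thread reports it being dropped there.
        return {"server_sees": seen_src[0], "reply_via": exit_if, "client_gets": None}
    wan, client = states[(SERVER, seen_src)]  # pfSense reverses both translations
    return {"server_sees": seen_src[0], "reply_via": exit_if,
            "client_gets": (wan, client)}

if __name__ == "__main__":
    print("port forward only :", round_trip(False))
    print("with masquerading :", round_trip(True))
```

With masquerading the server's access log shows only the NAT address, so per-client logging or blocking on the server no longer sees the real source.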
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.