Netgate Discussion Forum

    Rewrite LAN IP to access IPSEC remote site

      Miro 0

      Hello,
      I have a pfSense WAN port connected to my router. The pfSense IP is 192.168.1.120.
      A provider sent me access to IPsec VPN resources 195.80.240.0/20 that I need to access from computers in my router's LAN.
      The IPsec phase 2 local subnet is 195.80.241.80/30 - this is a requirement of the VPN provider and I cannot ask for a change.
      I configured a computer in the router's LAN with IP 192.168.1.101 in Windows 10 by adding a static route:

      route -p add 195.80.240.0 mask 255.255.240.0 192.168.1.120
      

      When I ping, for example, 195.80.253.78 from 192.168.1.101, the ICMP packet reaches the WAN on pfSense but does not get a reply.

      Is it possible to forward all traffic to 195.80.240.0/20 through the tunnel and rewrite the source IP 192.168.1.101 to 195.80.241.81?

      I tried adding Firewall > Virtual IPs 195.80.241.81/32 on the WAN interface, and then from Diagnostics > Ping I can ping it fine after selecting the source address 195.80.241.81, which I entered in Virtual IPs.

        viragomann @Miro 0

        @Miro-0
        You can do this in the IPsec phase 2.
        At "NAT/BINAT translation", select "Address" and enter the desired IP to NAT the traffic.

          Miro 0 @viragomann

          @viragomann thank you for the reply. I will try it.

            Miro 0

            I confirm it works when I set 195.80.241.81/32 in NAT/BINAT. Thank you.

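Why the unanswered ping and the NAT/BINAT fix behave as reported in this thread, as an added example that is not part of the posts and is not pfSense code: a simplified model of phase 2 selector matching, with the source address translated before the match. The selectors and host addresses come from the posts; the 192.168.1.0/24 LAN prefix, the 10.9.9.0/24 counter-example and the function names are assumptions.

```python
import ipaddress as ip

# Selectors from the thread: what the provider's side of phase 2 expects.
P2_LOCAL = ip.ip_network("195.80.241.80/30")
P2_REMOTE = ip.ip_network("195.80.240.0/20")


def translate(src, real_net, nat):
    """Apply a phase 2 NAT/BINAT setting to a source address (simplified model)."""
    src = ip.ip_address(src)
    if nat is None or src not in real_net:
        return src                          # nothing configured, or source not covered
    nat = ip.ip_network(nat)
    if nat.prefixlen == nat.max_prefixlen:
        return nat.network_address          # single address: many-to-one NAT
    if nat.prefixlen != real_net.prefixlen:
        raise ValueError("1:1 BINAT needs networks of equal size")
    offset = int(src) - int(real_net.network_address)
    return nat.network_address + offset     # keep the host bits inside the NAT network


def tunnel_decision(src, dst, real_net, nat=None):
    """Return (matches_selectors, source_seen_by_peer) for one outbound packet."""
    real_net = ip.ip_network(real_net)
    seen = translate(src, real_net, nat)
    ok = seen in P2_LOCAL and ip.ip_address(dst) in P2_REMOTE
    return ok, str(seen)


if __name__ == "__main__":
    lan = "192.168.1.0/24"   # assumed LAN prefix; the thread gives only host addresses
    for nat in (None, "195.80.241.81/32", "10.9.9.0/24"):
        print(nat, tunnel_decision("192.168.1.101", "195.80.253.78", lan, nat))
```

Without translation the source 192.168.1.101 falls outside 195.80.241.80/30, so the packet never matches the phase 2 selectors; any NAT address outside that /30 fails the same way.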
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.