VPN Lan NAT



  • Ok, I have a client where we are replacing their ASA with pfSense due to the added features and more VPN throughput. The issue I have is they VPN all 6 locations back to a hosting company; the only issue is one of the sites uses dynamic NAT to change their 192.1.1.0/24 network to a 192.1.10.0/24 network. I have Manual NAT set up on the WAN with source 192.1.1.0/24 destination 10.0.0.0/24, and I have a virtual IP network on 192.1.10.0/24 to be NAT'd to. I have the VPN on the unit set to source 192.1.10.0/24 to destination 10.0.0.0/24. I can't get the VPN tunnel to come active, so that's telling me that it's not doing the local NAT. Any suggestions?


  • Rebel Alliance Developer Netgate

    You can't NAT on IPsec tunnels like that with pfSense.

    There was a bounty to add that feature (http://forum.pfsense.org/index.php/topic,14650.0.html) but it was withdrawn before it could be completed.

    You'd have to renumber their network to 192.168.10.x to make it work.

