IPSEC Tunnel from LAN to Virtual Server

  • Let me start by saying, I am a networking amateur, so pls, be gentle.

    I need some help with a config for an IPSEC Tunnel, and I am hoping someone here has done this kind of thing before.

    Basically, we have a customer who cannot access a WAN address at our site from inside of their LAN.   They have the ability to setup and IPSEC Tunnel though, so I was hoping to use this to get them where the need to go.

    So here is the ultimate goal.  They have an LAN IP setup that when hit, generates interesting traffic and opens the ipsec tunnel to us.   All of this works, I see the tunnel come up and all looks good.   Here is where I get lost.   I do not want them to connect to a LAN address at our site (we both use the same network space on our LAN sides).   Instead I want them to hit  a Virtual Server WAN address configured on the same pfsense firewall, that will in turn, NAT and load balance to our internal Addresses.  So I will diagram it below as best as I can.

    CLIENT LAN IP ===> CISCO DEVICE ===>  internet/tunnel ===> pfsense device ===> Virtual server address on WAN IP of pfsense device ===> NAT ===> OUR LAN ADDRESS

    I have it working all the way up to the virtual server address, but the traffic never seems to get to the virtual server.  It seems to die at the pfsense device after the IPSEC tunnel comes online.   I have allow all rule in place for IPSEC, and I don't see any packets being dropped.

    Any suggestions?


  • I have a similar setup and am having the exact same problem…anyone out there have suggestions?

Log in to reply