IPSec with subnet natting

  • Hi all,

    For one of our customers we should set up a new IPSec VPN tunnel.
    The goal is simple, but the configuration looks a bit confusing.

    Our subnet:
    Remote subnet:

    Till here, no problems.
    But the customer site has a policy that they cannot route a They have to use a /24 in the set.
    So we have been assigned

    Phase II, our side:
    our subnet:
    remote subnet:

    Phase II, customer side:
    our subnet:
    remote subnet:

    We should manage to NAT the whole subnet from to
    Is this possible? How can this be done?
    Use Virtual IP option? And do a 1:1 and outbound nat?

    Attached: Visio PDF to clear things up.


  • Maybe this can be done with virtual IPs and manual outbound NAT.

  • Lack of NAT before IPsec is one of the known limitations of pfSense …

    Check the 2009 discussion here: http://freebsd.1045724.n5.nabble.com/IPSec-nat-on-enc-device-td4023490.html

  • :P Of course I forgot this... then you must have two devices (one doing natting and another doing VPN) or think of another solution.