No NAT Rule over IPSEC

  • If I'm running in Manual Outbound NAT mode, when I create IPSEC tunnels do I have to manually create NAT rules specifying "Do not NAT" to make sure my traffic isn't NAT'd.

    In the Cisco world you always want to make sure you aren't nat'ing traffic over your tunnel.

    Nothing I've read on pfSense mentions it though so figured I'd ask.

  • pfSense doesn't NAT traffic sent over IPsec.

    (in fact it couldn't NAT before IPsec even if you wanted to, due to limitations of the underlying FreeBSD/pf software)

Log in to reply