Inner NAT thru IPsec tunnel won't establish connection, confused about gateway

  • Hi,

    I'm trying to gather some servers in an inner sanctum, use NAT to hide them, and permit other locations (stores) that are connected with this location (offices) thru secure tunnels to have access to very limited services thru the tunnel and NAT mappings of an inside firewall.

    LAN is and has a tunnel to another location at  I need to put some servers within an inner LAN (CDE for PCI compliance) and am trying to put it at with its inner LAN being

    So when I try to establish a connection from a host in the remote location to VNC within the fortress, for example, with a NAT rule to map .1.112:5900 in to .130.112 I get a crossed up pair of states, and no session:

    tcp ->                                 ESTABLISHED:SYN_SENT

    We've got pfSense firewalls throughout, so here's the time to also say thanks to the whole community. It's the first problem I've had to post.

    I've looked thru all the advanced options and Googled the heck out of it, and I'm past my level of knowledge.  Can anyone help with a hint or point me in a direction?


  • The subnet specified for the WAN side of the inner firewall should have been  Once I fixed that, all is well.  Problem fixation.

    Thanks to all,

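The two symptoms in this thread, a one-sided `ESTABLISHED:SYN_SENT` state on the NAT'd VNC flow and a WAN subnet mask on the inner firewall that put the gateway off-link, can both be checked from a script. The following is an added example, not code from the thread or from pfSense: it parses state lines in the general shape of `pfctl -ss` output (the sample lines and all addresses are constructed from RFC 5737 documentation ranges, not the poster's network), flags TCP states where the two halves disagree and one side is still `SYN_SENT`, and separately checks whether a configured gateway actually falls inside the interface's subnet. The field names `left`/`right` and the helper names are my own.

```python
import ipaddress
import re

# Constructed sample state lines (not real pfctl output): interface, protocol,
# left endpoint, optional NAT mapping in parentheses, direction arrow, right
# endpoint, and the per-side TCP/UDP state. Addresses are RFC 5737 ranges.
SAMPLE_STATES = """\
all tcp 192.0.2.112:5900 (203.0.113.112:5900) <- 198.51.100.20:49152       ESTABLISHED:SYN_SENT
all tcp 192.0.2.112:5900 (203.0.113.112:5900) <- 198.51.100.21:49153       ESTABLISHED:ESTABLISHED
all udp 192.0.2.53:53 <- 198.51.100.22:5353       MULTIPLE:SINGLE
all tcp 192.0.2.25:22 <- 198.51.100.23:49154       CLOSED:SYN_SENT
"""

# Hypothetical line layout assumed for the parser; real pfctl output may add
# or reorder fields, so treat this regex as an assumption, not a spec.
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<left>\S+)"
    r"(?:\s+\((?P<nat>[^)]+)\))?"
    r"\s+(?P<direction><-|->|<->)\s+(?P<right>\S+)\s+(?P<state>\S+)\s*$"
)


def parse_states(text):
    """Parse state lines into dicts; lines that don't match are skipped."""
    entries = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def find_stuck(text):
    """Return TCP states whose two halves disagree and one half is SYN_SENT.

    This is the shape the poster saw (ESTABLISHED:SYN_SENT): the SYN was
    forwarded, a state was created, but the reply never came back through
    the same path, so the translated side never completes the handshake.
    """
    stuck = []
    for e in parse_states(text):
        if e["proto"] != "tcp":
            continue
        halves = e["state"].split(":")
        if len(halves) == 2 and halves[0] != halves[1] and "SYN_SENT" in halves:
            stuck.append(e)
    return stuck


def gateway_in_subnet(interface_cidr, gateway):
    """True if the gateway address lies inside the interface's own subnet.

    A mask that is too narrow on the inner firewall's WAN (the thread's root
    cause) makes the gateway off-link, so return traffic has no route back.
    """
    iface = ipaddress.ip_interface(interface_cidr)
    return ipaddress.ip_address(gateway) in iface.network


if __name__ == "__main__":
    for e in find_stuck(SAMPLE_STATES):
        print("half-open:", e["left"], e["nat"], e["direction"], e["right"], e["state"])
    # Constructed values: a /30 that contains the gateway versus a /32 that does not.
    print("gateway on-link with /30:", gateway_in_subnet("203.0.113.130/30", "203.0.113.129"))
    print("gateway on-link with /32:", gateway_in_subnet("203.0.113.130/32", "203.0.113.129"))
```

Run it against a saved copy of the state table to list flows that never completed; if every stuck flow involves the NAT'd addresses, check the interface mask and gateway with `gateway_in_subnet` before looking at IPsec phase 2 settings.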
