Netgate Discussion Forum

    Ipsec nat problem

    • dieghe

      Hi,

      I set up an IPsec VPN through my pfSense 2.0.1-RELEASE and a Cisco ASA. I configured phase 1 and phase 2 in the correct way and the tunnel is working fine. What I cannot do is to NAT the local network addresses to my LAN addresses.

      This is the configuration:

      Local network is 120.40.120.0/24
      Remote network is 100.50.100.0/21
      My LAN is 10.0.100.0/24
      Once connected, the correspondence should then be, i.e.: 120.40.120.150 -> 10.0.100.150

      How do I make this work? Should I make a 1:1 NAT? And how?

      Thank you very much for any help!

      • jimp (Rebel Alliance Developer Netgate)

        NAT+IPsec does not work in 2.0.x.
        It was recently added to 2.1; you can make it work there (there is an extra box in the Phase 2 config to define a NAT network).

        • dieghe

          Ok, I will wait for a stable version of 2.1 then. Thanks for your help.

          • themr0c

            Hi,

            (my first post here)

            I am currently finishing the setup of the new firewall for my company. It's now running 2.0, where we lack the NAT+IPsec feature.

            Should I consider the built-in feature in 2.1 as more/less/equally reliable as the 2-box setup with 2.0?
            Should I consider the option to run 2.1 instead of 2.0 as a good, riskless option?

            My additional question would be: on a multi-WAN setup, is it possible with 2.1 to have redundant IPsec connections, one using each WAN, but with the same remote endpoint?

            • eri--

              2.1 is stable nowadays.
              Just some snapshots might have issues due to how snapshots work and development going on.

              For the IPsec HA setup you would need different remote IP addresses, since it's still not possible to bind IPsec to a failover group or assign the same remote peer to 2 different tunnels.
