Netgate Discussion Forum

    IPSEC routing and outbound NAT

      dennypage

      Hello,

      I'm having problems getting routing to work with an IPSEC tunnel.

      Here's what I have:

      LAN interface: 192.168.0.1/24
      WAN interface: 111.111.111.111/24
      Remote gateway: 222.222.222.222
      Remote IPSEC net: 10.0.0.0/8
      Local IPSEC net: 10.100.100.80/28

      pfSense version is 1.2-RC2.  Remote IPSEC device is a Cisco VPN concentrator.

      The intent is to have hosts on the LAN segment access hosts on the remote net with NAT (similar to how hosts would access the internet).

      I have a virtual IP 10.100.100.81 set up on the WAN interface.
      I have AON enabled, and I have a NAT rule on the WAN interface for destination 10.0.0.0/8 with NAT address 10.100.100.81.
      For testing, I have a firewall rule for IPSEC that allows all packets from host 10.10.10.1 to any destination.

      If I ping 10.10.10.1 from a host on the LAN, nothing happens–the tunnel does not initiate.
      If I ping 10.100.100.81 from host 10.10.10.1, the tunnel successfully initiates, but no packets are sent to the LAN.

      In short, I cannot get pfSense to send packets through the tunnel.

      Suggestions anyone?

      Denny
