2.0.3 LAN-to-LAN IPsec VPN with Overlapping Networks



  • I have a site2site connection with these parameters:

    Configuration parameters
    Phase 1
    encryption aes-256
    authentication SHA1
    DH Group 2 (1024bit)
    keylife 1440 minutes
    No aggressive mode

    Phase 2
    encryption aes-256
    authentication SHA1
    No PFS
    keylife 3600 seconds

    Site A
    Firewall: pfSense 2.0.3-RELEASE (amd64)
    LAN network: 10.100.0.0/16
    DMZ network: 10.180.1.0/24

    I should use the network 10.30.48.48 255.255.255.240 to NAT some servers on the IPsec tunnel.

    Site B (a big company)
    Firewall: Fortinet ??
    LAN network: I don't know
    Remote LAN for IPsec tunnel: 10.159.48.48 255.255.255.240

    If I specify the 10.159.48.48 in Local Network for the IPsec tunnel, the button for connection is missing…

    Is it possible to use the network 10.30.48.48 to NAT my servers (LAN or DMZ interface) on the VPN tunnel?
    How can I do this?

    Thank you for your support.



  • Sorry, I just read that with the new release 2.1

    New features: NAT before IPsec (1:1 or many:1) outbound will be implemented on IPsec.

    I think that with 2.0.3 it is not possible to configure IPsec with NAT. Is that correct?


  • Rebel Alliance Developer Netgate

    Correct, NAT+IPsec will only work on 2.1 using the NAT option in the Phase 2 settings.