2.0.3 LAN-to-LAN IPsec VPN with Overlapping Networks

  • I have a site-to-site connection with these parameters:

    Configuration parameters
    Phase 1
    encryption aes-256
    authentication SHA1
    DH Group 2 (1024bit)
    keylife 1440 minutes
    No aggressive mode

    Phase 2
    encryption aes-256
    authentication SHA1
    No PFS
    keylife 3600 seconds

    Site A
    Firewall: pfSense 2.0.3-RELEASE (amd64)
    LAN network:
    DMZ network:

    I should use the  network to NAT some servers on the IPsec tunnel.

    Site B (a big company)
    Firewall: Fortinet ??
    LAN network: I don't know
    Remote LAN for IPsec tunnel:

    If I specify the on Local Network for the IPsec tunnel, the button for connection is missing…

    Is it possible to use the network to NAT my servers (LAN or DMZ interface) on the VPN tunnel?
    How can I do this?

    Thank you for your support.

  • Sorry, I just read that with the new release 2.1

    New features: NAT before IPsec (1:1 or many:1) outbound will be implemented on IPsec.

    I think that with 2.0.3 it is not possible to configure IPsec with NAT. Is that correct?

  • Rebel Alliance Developer Netgate

    Correct, NAT+IPsec will only work on 2.1 using the NAT option in the Phase 2 settings.
