IPSec VPN - NAT to DMZ host



  • Hi,

    I'm fairly new with pfSense but got most of the stuff I need working.
    Now 1 item is giving me a headache and I hope someone can help.

    I got a VPN from Home (Cisco cable modem with IPSec) to my Office (pfSense 2.1), which is working.
    At the Office, I got a LAN and DMZ configured.
    Locally at the Office everything works; I made a NAT rule from LAN to DMZ which is working.
    Now, the problem is that the NAT rule does not work over VPN; I cannot access the server in my DMZ over VPN.

    I tried to create a 2nd NAT rule on the IPSec interface but that won't fix the problem (I checked firewall rules, they are created fine and the same works for the NAT rule from LAN to DMZ).

    So basically, what it comes down to, this works:
    LAN 192.168.137.x NAT rule for 192.168.137.200 to 192.168.22.50 (DMZ)

    What I need is this:
    IPSec Home -> Office LAN NAT > DMZ



  • You may need to add a second phase 2 entry for your IPsec tunnel that enables routing to that subnet.

    Screenshots of your IPsec configuration from the pfSense side?
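
A policy-based IPsec tunnel only carries packets whose source and destination fall inside one of its phase 2 network pairs. The following is an added example, not code from either poster or from pfSense, that checks which flows from the thread are covered with one phase 2 entry and with a second one for the DMZ. The /24 masks and the home subnet 192.168.1.0/24 are assumptions; the thread gives only host addresses.

```python
import ipaddress

# Assumed values: the thread states host addresses but no masks or home subnet.
OFFICE_LAN = ipaddress.ip_network("192.168.137.0/24")  # /24 assumed
OFFICE_DMZ = ipaddress.ip_network("192.168.22.0/24")   # /24 assumed
HOME_LAN = ipaddress.ip_network("192.168.1.0/24")      # constructed placeholder

# Constructed flows: (source at home, destination at the office).
FLOWS = [
    ("192.168.1.10", "192.168.137.200"),  # LAN-side address used by the NAT rule
    ("192.168.1.10", "192.168.22.50"),    # DMZ server addressed directly
]

# Phase 2 entries as (remote network, local network), seen from the office side.
SINGLE_P2 = [(HOME_LAN, OFFICE_LAN)]
TWO_P2 = SINGLE_P2 + [(HOME_LAN, OFFICE_DMZ)]


def selector_matches(phase2, src, dst):
    """Return the first (remote, local) pair covering src -> dst, or None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for remote, local in phase2:
        if s in remote and d in local:
            return (remote, local)
    return None


def uncovered(phase2, flows):
    """List the flows that no phase 2 entry would carry through the tunnel."""
    return [(s, d) for s, d in flows if selector_matches(phase2, s, d) is None]


if __name__ == "__main__":
    for name, p2 in (("one phase 2", SINGLE_P2), ("two phase 2", TWO_P2)):
        print(name, "-> not carried:", uncovered(p2, FLOWS))
```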

