IPSEC BINAT questions



  • Hi,

    After establishing a tunnel with one site doing a BINAT, I am able to ping 192.168.200.1 from pfsense 192.168.3.1.
    In the states I see the NAT IP, so it is working.

    LAN 192.168.3.0/24--(BINAT 192.168.123.0/24)--ipsec<->ipsec--LAN 192.168.200.0/24
    pfsense 192.168.3.1                                          pfsense 192.168.200.1

    The other direction, pinging the pfSense at its BINAT IP (pfsense 192.168.123.1??), is not possible.
    Maybe I am wrong; should BINAT not work like that? Or is some part missing ...

    regards max


  • Rebel Alliance Developer Netgate

    In your IPsec firewall rules, make sure you are passing to a destination of the post-NAT IP, 192.168.3.x
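
The advice in the reply above, worked through as an added example (not part of the original thread and not pfSense code): a 1:1 mapping between the thread's 192.168.123.0/24 and 192.168.3.0/24, followed by rule matching on the translated destination. The rule model (translation first, then first-match pass rules with default block) and all function names are assumptions made for illustration.

```python
import ipaddress

# Networks from the thread: the real LAN and the BINAT range the remote side sees.
LOCAL_NET = ipaddress.ip_network("192.168.3.0/24")
BINAT_NET = ipaddress.ip_network("192.168.123.0/24")


def _remap(addr, from_net, to_net):
    """1:1 translation: keep the host bits, swap the network prefix."""
    addr = ipaddress.ip_address(addr)
    if addr not in from_net:
        return addr  # not covered by the BINAT mapping, left untouched
    return to_net.network_address + (int(addr) - int(from_net.network_address))


def binat_outbound(src):
    """LAN -> tunnel: the real source is rewritten to its BINAT address."""
    return _remap(src, LOCAL_NET, BINAT_NET)


def binat_inbound(dst):
    """Tunnel -> LAN: the BINAT destination is rewritten to the real address."""
    return _remap(dst, BINAT_NET, LOCAL_NET)


def ipsec_rules_verdict(rules, src, dst):
    """Assumed model: translate first, then first-match pass rules, default block."""
    src = ipaddress.ip_address(src)
    dst = binat_inbound(dst)  # the rules see the post-NAT destination
    for rule_src, rule_dst in rules:
        if src in ipaddress.ip_network(rule_src) and dst in ipaddress.ip_network(rule_dst):
            return "pass"
    return "block"


# Constructed rule sets: one written against the BINAT range, one against the real LAN.
RULES_TO_BINAT = [("192.168.200.0/24", "192.168.123.0/24")]
RULES_TO_LAN = [("192.168.200.0/24", "192.168.3.0/24")]

if __name__ == "__main__":
    print(binat_outbound("192.168.3.1"))  # address the remote side sees
    for name, rules in (("dst=BINAT", RULES_TO_BINAT), ("dst=LAN", RULES_TO_LAN)):
        print(name, ipsec_rules_verdict(rules, "192.168.200.1", "192.168.123.1"))
```

A rule whose destination is the BINAT range never matches in this model, because the destination has already been rewritten to 192.168.3.x by the time the rules are consulted.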



  • @jimp:

    In your IPsec firewall rules, make sure you are passing to a destination of the post-NAT IP, 192.168.3.x

    Is there somewhere I can read in the docs on what order firewall rules and nat rules, etc. are applied/evaluated?

    Thank you.