Netgate Discussion Forum

    IPSec & NAT

      dsvj1977

      Hi everyone!

      I have a situation, and I hope this is the right place to ask the question!  If not, please kick me repeatedly and shove to the right area.

      I have an IPSec tunnel set up, my endpoint IP being 10.42.10.255.  The remote endpoint IP is 10.42.10.254.  I need to create a NAT rule, as the machine I need to access on the other end is 172.20.50.243.  My local LAN subnet is 192.168.1.0/24.  Where in pfSense would I start to solve this issue?

      Thanks,
      Daryl

        doktornotor Banned

        How did you come up with the idea that you need the NAT?

          phil.davis

          With the right remote networks specified across the VPN tunnel, and firewall rules that pass the traffic, traffic will be routed fine. There is no need for NAT.

          As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
          If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

            dsvj1977

            Well, it turns out the information originally provided to me was incorrect, and helps to answer why doktornotor questioned the validity of needing NAT! :)

            Turns out my local IP will be 172.20.50.243.
            There are 2 machines I am accessing on the other end, and they are 10.42.10.254 and 10.42.10.255.  I need to NAT from 192.168.1.0/24 to 172.20.50.243, as the other end rejects the connection otherwise.

            Does any of this make sense?

            Thanks,
            Daryl

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.