PfSense to Cisco ASA VPN NAT Not Working

  • Greetings,

    I searched the forums for a similar problem and haven't found one I understand.

    The gist:

    We have a client with a Cisco ASA and we have a pfSense router with firmware version 2.1.2. I have the Phase 1 tunnel set up and connected. The Phase 2 with NAT seems to be the problem.

    The client uses the same subnet we do internally ( and requested that I NAT > – our internal server; the server I'm trying to communicate with on the Cisco ASA side is

    So, Phase 1 works and the tunnel is up.

    Local IP:
    Remote IP:

    Suggested NAT: >

    The client says that they can see packets leave their side, but they're not returned.

    IPsec: SPD

    Source    Destination    Direction    Protocol    Tunnel endpoints
    ESP    X.X.X.X -> X.X.X.X
    ESP    X.X.X.X -> X.X.X.X
    ESP    X.X.X.X -> X.X.X.X

    I greatly appreciate any assistance with this problem.

    I can't seem to attach screenshots without the post failing.

  • For some reason the IP address I used initially wouldn't connect to the remote side. I changed the IP and we now have a working tunnel, except that the remote side cannot ping or communicate with mine via NAT. I can ping and talk to their side, but not them to mine.

    I have IPsec firewall rules that allow everything just to eliminate that part.

    IPv4 TCP/UDP * * * * * none
    IPv4 ICMP * * * * * none

    I have an IPsec NAT:

    IPsec X.X.X.X

    For Phase 2 I have:

    Local Network: LAN Subnet
    NAT/BINAT: Address
    Remote Network:

    The remote side has a subnet on their LAN the same as ours, so we need to NAT.

    Is there something really obvious I'm missing? I feel dumb and frustrated.
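An added worked example for the overlapping-subnet Phase 2 described in both posts above (this is not code from the original thread, pfSense, or Cisco; it is a standalone helper written here to illustrate the checks). It assumes a 1:1 BINAT in which the local network and the translated network have the same prefix length, which is the size rule pfSense's NAT/BINAT field enforces, and it assumes the peer's crypto ACL must name the translated address rather than the real one, because the translated network is what pfSense presents as its Phase 2 local selector. The subnet values are constructed placeholders from the RFC 5737 documentation ranges, not the thread's real addresses.

```python
"""Sanity-check an IPsec Phase 2 that uses BINAT to hide an overlapping LAN.

Hypothetical helper (not pfSense or Cisco code). Given the real local
network, the NAT/BINAT translation, and the remote network, it reports:
  - whether the raw networks overlap (the reason NAT is needed at all),
  - whether the translation is the same size as the local network,
  - whether the translated network still collides with the remote side,
  - which traffic selectors each end of the tunnel must configure.
"""
from ipaddress import ip_address, ip_network


def subnets_overlap(a: str, b: str) -> bool:
    """True when the two networks share at least one address."""
    na = ip_network(a, strict=False)
    nb = ip_network(b, strict=False)
    return na.overlaps(nb)


def binat_translate(local: str, translated: str, host: str) -> str:
    """1:1 BINAT: map a host inside `local` to its twin inside `translated`.

    A single address (pfSense's "Address" mode) is just the /32 case, so a
    /24 local network cannot be translated to a lone address: the sizes
    must match, otherwise the mapping is undefined.
    """
    nl = ip_network(local, strict=False)
    nt = ip_network(translated, strict=False)
    if nl.prefixlen != nt.prefixlen:
        raise ValueError(f"BINAT networks must be the same size: {nl} vs {nt}")
    h = ip_address(host)
    if h not in nl:
        raise ValueError(f"{h} is not inside local network {nl}")
    offset = int(h) - int(nl.network_address)
    return str(ip_address(int(nt.network_address) + offset))


def phase2_check(local: str, translated: str, remote: str) -> dict:
    """Collect the findings an admin wants before calling the peer's admin."""
    nl = ip_network(local, strict=False)
    nt = ip_network(translated, strict=False)
    nr = ip_network(remote, strict=False)
    findings = {
        # Same LAN range on both ends: traffic could never be routed un-NATed.
        "raw_overlap": nl.overlaps(nr),
        # The translation must not land inside the peer's range either.
        "translated_overlap": nt.overlaps(nr),
        # pfSense requires local and translated networks to be the same size.
        "size_match": nl.prefixlen == nt.prefixlen,
        # Selectors as each side must configure them: the peer never sees `local`.
        "our_side": {"local": str(nt), "remote": str(nr)},
        "peer_side": {"local": str(nr), "remote": str(nt)},
    }
    return findings


if __name__ == "__main__":
    # Constructed sample: both LANs are 192.0.2.0/24, we present 198.51.100.0/24.
    result = phase2_check("192.0.2.0/24", "198.51.100.0/24", "192.0.2.0/24")
    for key, value in result.items():
        print(f"{key}: {value}")
    # A host on our LAN as the peer should address it.
    print("192.0.2.10 appears to the peer as", binat_translate(
        "192.0.2.0/24", "198.51.100.0/24", "192.0.2.10"))
```

Run it with the real networks substituted in: if `translated_overlap` is true or `size_match` is false, the tunnel will come up but return traffic has nowhere sensible to go, and the `peer_side` entry is the selector the ASA's crypto ACL has to match.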