1:1 NAT within Hub and Spoke IPsec VPN setup

  • Hi,
    following situation:
    Main Location ( has two IPsec VPN connections.
    First IPsec VPN is to a sub location (
    Both endpoints are pfSense (Cluster) owned and managed by us.
    Second IPsec VPN ( is to a data centre, firewall is not owned by us, every change is complicated and very expensive.
    Now I need to get access through VPN from sub location ( to some servers in the data centre (

    For testing I have done so far:
    1. created an IP alias ( on firewall at main location
    2. created a 1:1 NAT



    [tested all NAT reflection types]
    3. set proper rules (I hope so) with logging.

    Reaching the host in the data centre ( by IP from the net is no problem, but I don't get a connection from the network.

    Any hints or help on how to resolve this issue?

