NAT problem, multiple subnets and VPN tunnel

  • I cannot get this setup to work. Either I am doing something wrong or it is just not possible.

    Two pfSense boxes, one as main router (A) and a separate one for IPsec tunnels (B), both running 2.1.5-RELEASE.

    Main router has multiple VLANs on the inside (as well as WAN and DMZ on separate NICs).
    Main internal subnet is ( as IP).

    The other pfSense (tunnels) has an internal IP of and an external IP in the DMZ.
    I already have multiple tunnels up and running.
    Normally we add all internal networks (VLANs on the main router) to phase 2 on each tunnel and add static routes
    on A pointing to B. B also has static routes pointing to for the relevant subnets.
    This works fine (no problems).

    Now I have a new tunnel where I cannot add all the internal nets to the tunnel, since those IP ranges are already
    used on the remote site.
    I have set up a new VLAN [VLAN_303] ( on A and added static routes to B.
    Remote side of the tunnel is

    The network has no problem reaching

    But I also need clients in to reach

    I tried to add a NAT (I am already using "AON - Advanced Outbound NAT"):
    IF: VLAN_303, Source, Destination, NAT Address:

    But this doesn't seem to work. The traceroute just bounces the traffic between and
    and a traffic dump on the IPsec interface on B shows that the pings are coming from (for example) and not

    "Bypass firewall rules for traffic on the same interface" is set, but it didn't make any difference when
    I unset this.

    Any thoughts?

