Topic: 1 to 1 NAT through IPsec

alex1756
1 to 1 NAT through IPsec
« on: December 29, 2017, 07:50:08 am »
Hi! I'm trying to make my servers on an internal network exit the firewall through an IPsec tunnel with a public IP.

I work at an ISP and have routed a /27 public network through an IPsec tunnel into my pfSense firewall at home. I've previously used FortiGate with policy routing and virtual IPs, but it doesn't seem to work the same way with pfSense.

On my P2 I've specified the /27 network as local subnet, and 0.0.0.0/0 as remote subnet.

In NAT 1:1:
Interface: IPsec
External IP: xxx.xxx.93.13
Internal IP: 172.16.0.65
Destination IP: *

I had to port forward ICMP with destination xxx.xxx.93.13 to 172.16.0.65 to make my pings (from AWS) show up in tcpdump.
With NAT-reflection enabled, I can access the server with its public IP locally.

Outbound NAT is set to manual, with a mapping that says:
Interface: IPsec
Source: 172.16.0.65
Source port: *
Destination: *
Destination port: *
NAT address: xxx.xxx.93.13
NAT port: *

Am I missing something? I've tried everything I could think of, and I'm getting pretty frustrated.
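To reason about which of the three translation rules in the post each flow would actually hit, here is an added model (not code from the post or from pfSense) of pf's first-match translation applied to the post's own rule set. It assumes the 1:1 (binat) rule is evaluated before the outbound mapping and the port forward, which is the order pfSense writes them into its ruleset; 192.0.2.13 stands in for the masked xxx.xxx.93.13 and 203.0.113.5 is a constructed AWS address.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address

# Constructed addresses: 192.0.2.13 stands in for the post's masked
# xxx.xxx.93.13, 203.0.113.5 for the AWS host sending the pings.
PUBLIC_IP = ip_address("192.0.2.13")
SERVER_IP = ip_address("172.16.0.65")
AWS_IP = ip_address("203.0.113.5")


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    direction: str  # "in" = arriving from the IPsec tunnel, "out" = leaving via it


def one_to_one(pkt):
    """NAT 1:1 rule from the post: binat is bidirectional, so it matches
    the server's outbound traffic and anything addressed to the public IP."""
    if pkt.direction == "out" and pkt.src == SERVER_IP:
        return Packet(PUBLIC_IP, pkt.dst, "out"), "1:1 (binat) outbound"
    if pkt.direction == "in" and pkt.dst == PUBLIC_IP:
        return Packet(pkt.src, SERVER_IP, "in"), "1:1 (binat) inbound"
    return None


def outbound_nat(pkt):
    """Manual outbound NAT mapping from the post (source 172.16.0.65 -> public IP)."""
    if pkt.direction == "out" and pkt.src == SERVER_IP:
        return Packet(PUBLIC_IP, pkt.dst, "out"), "outbound NAT"
    return None


def port_forward(pkt):
    """ICMP port forward the poster added (public IP -> 172.16.0.65)."""
    if pkt.direction == "in" and pkt.dst == PUBLIC_IP:
        return Packet(pkt.src, SERVER_IP, "in"), "port forward (rdr)"
    return None


# Assumed evaluation order: first matching translation rule wins.
RULES = [one_to_one, outbound_nat, port_forward]


def translate(pkt):
    """Return (translated packet, name of the rule that matched)."""
    for rule in RULES:
        hit = rule(pkt)
        if hit is not None:
            return hit
    return pkt, "no translation"
```

Under this model the 1:1 rule alone handles both the outbound reply and the inbound ping, so the outbound mapping and the port forward are never reached; if the port forward is what made pings appear, the 1:1 rule is not matching on that interface, which is worth checking in /tmp/rules.debug and `pfctl -sn`.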