Author Topic: 1 to 1 NAT through IPsec  (Read 134 times)

Offline alex1756

1 to 1 NAT through IPsec
« on: December 29, 2017, 07:50:08 am »
Hi! I'm trying to make my servers on an internal network exit the firewall through an IPsec tunnel with a public IP.

I work at an ISP and have routed a /27 public network through an IPsec tunnel into my pfSense firewall at home. I've previously used FortiGate with policy routing and virtual IPs, but it doesn't seem to work the same way with pfSense.

On my P2 I've specified the /27 network as local subnet, and as remote subnet.

In NAT 1:1:
Interface: IPsec
External IP:
Internal IP:
Destination IP: *

I had to port forward ICMP with destination to to make my pings (from AWS) show up in tcpdump.
With NAT-reflection enabled, I can access the server with its public IP locally.

Outbound NAT is set to manual, with a mapping that says:
Interface: IPsec
Source port: *
Destination: *
Destination port: *
NAT address:
NAT port: *

Am I missing something? I've tried everything I could think of, and I'm getting pretty frustrated.