Hi,
my setup is the following:

Site A:
  Lan: 192.168.100.0/24
  Lan_IP: 192.168.100.1
  Transfer: 10.2.81.0/24
  Transfer_IP: 10.2.81.1

Site B:
  Lan: 10.2.82.0/24
  Lan_IP: 19.2.82.1

I'm doing a site-to-site IPsec which is working. I can ping from both routers (pfsense, juniper) to each other (10.2.81.1 <-> 10.2.82.1) but not from the clients in my LAN (192.168.68.x <-> 10.2.82.x).

I'm now trying to set up a Transfer-Net with NAT / BINAT routing: Site B should reach the clients on site A via a 10.2.81.x IP address and not via a 192.168.100.x IP address. So I want to map 10.2.81.0/24 <-> 192.168.100.0/24.

First I tried to do this via the NAT/BINAT setting inside the IPsec settings:

Site A IPsec Phase2
  Local Network: 192.168.100.0/24
  NAT/BINAT translation: 10.2.81.0/24
  Remote Network: 10.2.82.0/24

That didn't work, and I tried the same thing with 1:1 NAT from the Firewall tab:

Site A
  External subnet IP: 10.2.81.0
  Internal IP: 192.168.100.0/24
  Destination: 10.2.82.0/24

No matter which mapping I choose, if I try to ping from 192.168.100.x to 10.2.82.x, pfsense routes the request through the WAN interface instead of the IPsec / Transfer-Net interface.

How can I tell pfsense to route the traffic from my Lan through the IPsec tunnel (not WAN) and do the NAT?

Thanks
Greets
Kilian
