On Mon, Jul 19, 2010 at 1:04 PM, Matthias Niggemeier <m...@thias.de> wrote: > Hi there, > I have to configure IPSec to a customers site using pfSense 1.2.3. Normally > not a big problem, but this is the first time I need to do NAT over VPN; > i.e. the customer gives us only one ip address for the gateway, the rest has > to be natted behind this. > As I searched through the list, I found that this is not possible with > pfSense. (still true?)
Yes. The only option, if you must use IPsec (OpenVPN can NAT no problem), is to add a second firewall. It can be pfSense, usually when we set this up we use a VM inside the network which handles the NAT, then the primary firewall handles the IPsec. You just can't do both on the same system because of the way IPsec processing functions in FreeBSD. --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
