I have two networks: Local 192.168.1.0/24 and Remote 10.8.8.8/24.

On the local network I have installed pfSense as the gateway. On the remote network there is a Cisco ASA that I don't have control over. (It's a hosting company's.)

They're saying that I have to masquerade all my local traffic under my public IP address for the tunnel to work properly. I have no idea how to do it.

I've tried to use a virtual IP, but pfSense does not allow me to use my public IP address as a virtual IP.

As I understand it, IPsec hits before NAT, and so traffic arrives at the hosting company not masked, so it doesn't have a route back.

asciiphil
WarP

1 Answer

After all, this feature was presented in pfSense 2.1: doing BINAT before IPsec. This allows masquerading all traffic under a specific IP and after that sending it to the tunnel.

WarP