I have two networks: Local 192.168.1.0/24 and Remote 10.8.8.8/24.
On the local network I have installed pfSense as the gateway. On the remote network there is a Cisco ASA that I don't have control over. (It's a hosting company's.)
They're saying that I have to masquerade all my local traffic under my public IP address for the tunnel to work properly. I have no idea how to do it.
I've tried to use a virtual IP, but pfSense does not allow me to use my public IP address as a virtual IP.
As I understand it, IPsec hits before NAT, and so traffic arrives at the hosting company not masked, so it doesn't have a route back.
Best Answer
After all, this feature was introduced in pfSense 2.1: doing BINAT before IPsec. This allows you to masquerade all traffic under a specific IP and after that send it into the tunnel.
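The ordering problem discussed above, as an added example that is not part of the original question or answer and is not pfSense code: a simplified Python model of whether a LAN packet matches the Phase 2 selector the remote side expects, with and without NAT applied before the IPsec policy check. The public IP `203.0.113.10` is a constructed placeholder, and the function names are hypothetical.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")                 # local network from the question
# Remote network exactly as written in the question; strict=False normalises it to 10.8.8.0/24.
REMOTE = ipaddress.ip_network("10.8.8.8/24", strict=False)
PUBLIC_IP = ipaddress.ip_address("203.0.113.10")             # constructed placeholder

# Selector the remote side is assumed to use: only the public IP talks to the remote network.
SELECTOR = (ipaddress.ip_network(f"{PUBLIC_IP}/32"), REMOTE)


def matches_selector(src, dst, selector=SELECTOR):
    """True if the packet's addresses fall inside the IPsec traffic selector."""
    local_net, remote_net = selector
    return (ipaddress.ip_address(src) in local_net
            and ipaddress.ip_address(dst) in remote_net)


def nat_to_public(src, dst):
    """Many-to-one NAT for LAN traffic bound for the remote network."""
    if ipaddress.ip_address(src) in LAN and ipaddress.ip_address(dst) in REMOTE:
        return str(PUBLIC_IP)
    return src


def outbound(src, dst, nat_before_ipsec):
    """Return (source address the IPsec policy sees, whether the packet enters the tunnel)."""
    seen = nat_to_public(src, dst) if nat_before_ipsec else src
    return seen, matches_selector(seen, dst)


if __name__ == "__main__":
    for label, flag in (("IPsec check first", False), ("NAT before IPsec", True)):
        seen, tunneled = outbound("192.168.1.50", "10.8.8.20", flag)
        print(f"{label:18} policy sees {seen:14} tunneled={tunneled}")
```

When the policy check runs on the untranslated source, the packet never matches a selector built on the public IP, which is the mismatch the question describes.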