Connecting to Active Directory (AD) via IPSEC

[samnet]

Dear sirs;
Im trauggling to find a proper way to connect my opnsense to active directory via ipsec vpn tunnel.
Im sure it will not be the case for ovpn. but the main problem the DC that has AD in is actually using those terrible licensed firewalls that has only ipsec and kerio vpn. so I have configured the ipsec and opnsense is conecting via ipsec to DC and I can ping the AD server.
the crazy part is that I cant get the opnsense to join the AD. Ive done a packet capture and what Im seeing it that AD isnt giving a clear replies. and the funny part is that IPSEC is actually throwing the WAN ip as source. which is bit funny, but can someone share his experience on this??
can this work?
Firewall on AD windows 2012 is off btw.

[mimugmail]

You have to add the wan IP to phase2 in IPsec.

[samnet]

thx for this, can you pls explain more on how to do this?

[mimugmail]

Add a second phase2 to your IPsec, local net is WAN IP with /32 and remote net is LAN of DC

[samnet]

this is done already from what I recall, the way packets are shown is
Wanip 72.xx.xx.96:45556 to AD server ip 10.xx.x.2:389
ive done a packet capture and I can see 5 requests coming out but no AD handshake

[mimugmail]

Screenshot of phase2 please