
NAT into remote VPN network

I have a running site-to-site VPN with this setup:

Local network: 172.20.0.0/24
Remote network: 172.21.0.0/24

Traffic between the 2 networks is passing as expected.

Now I would like to access the remote network from another local network, 172.16.0.0/16. I do not want to route this network via the VPN, but use NAT instead.

I have created a NAT policy with the host 172.20.0.200.

As Sophos has no interface for VPN (internally it may have one), I don't know how to route traffic to VPN-NAT.



This thread was automatically locked due to age.
  • Hi,

    Your VPN is a zone, so your VPN connection should use zone VPN.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • I think this won't work, because if you want to use NAT in an IPsec policy, you have to configure it in the IPsec connection.

    But correct me if I am wrong.

  • Hi MBP,

    I will bow to your greater wisdom. I was only pointing out that his VPN should (would) be in the VPN zone if set up correctly and he should use that zone. He was talking about no zone for his VPN.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Thanks for the reply,

    I've no idea what you want me to do.

    All VPNs (there are many configured) are in the zone VPN, and routing to a zone is not possible...

    The intention is to hide the local 172.16.0.0/16 network from the remote site.

    Source IPs from 172.16.0.0/16 should be NATed. On this dedicated remote site, all NATed traffic should come from source 172.20.0.200/32.

  • Hi,

    You should follow this KBA:

    https://community.sophos.com/kb/en-us/123356

    Basically, you need a /32 object as an SA in the IPsec tunnel and press "NAT" in the IPsec config.

    Don't forget to "publish" the /32 SA to the other site of the connection.