Hello,
Another company asked me to establish an IPsec tunnel and they gave me a subnet I needed to use.
They have subnet 10.100.10.0/24 and they want me to use subnet 10.101.10.0/24; our own subnet for the LAN is 192.168.60.0/24.
The following services are needed over the IPsec tunnel: Echo/ping and HTTPS_tcp.
The IPsec tunnel is up and running, but I have some issues with the outgoing traffic. The firewall rule for them to do an Echo/ping to one of our systems is working fine.
I created a DNAT business rule with the following settings (both rules below are located at the top):
Source: VPN
Network: 10.100.10.250 (their monitoring device)
Destination: 10.101.10.254
Service: Ping
Forward to protected server: one of my servers
Protected Zone: LAN
However, the rule for us to connect to their HTTPS site is not working. I used a network rule with the following settings:
Source: LAN
Source Network: 10.101.10.0/24
Destination: VPN
Destination network: 10.100.10.0/24
Services: Ping and HTTPS
NAT and routing: Rewrite source address (Masquerading) checked
Use outbound address: 10.101.10.1/24
We also have an IPsec tunnel to our other location, with 2 rules, VPN to LAN any any and LAN to VPN any any, and we don't have any issues with this one. But then again, I don't need to use SNAT for this.