Hi all,
I have "inherited" an existing network consisting of several branch offices and a HQ/Datacenter.
All locations are connected via an MPLS network. All clients use .1 as the GW on their local network for the MPLS router. The MPLS network has a null-route (hope it is the right term), so all non-MPLS network traffic is routed to .2 at the HQ location, where a central firewall handles the traffic (VPN connections, publishing servers etc.). This firewall is due for replacement and I'm currently evaluating the XG. A requirement is IKEv2 support, so UTM is not an option.
I am brand new to the XG - started yesterday - and so far I have migrated networks, internal routing and published servers. That seems to work as expected.
IPSec site-to-site without NAT also seems to work and is so far quite easy to configure.
For a specific IPSec tunnel we only need outbound initiated traffic, and all traffic should be SNAT'ed via a single IP (x.x.x.9). I have no control over the remote VPN settings, so my goal is to duplicate the setup from the existing firewall.
The IPSec tunnel phase 2 is defined with the local network as x.x.x.8/30 ("NAT network") and the remote network is of course the actual network. These settings are directly migrated from the legacy firewall. The tunnel is UP but currently there is no traffic flowing. I let the XG autocreate the FW rule, which seems like a fully open tunnel between the two networks. I intend to restrict this later.
I tried configuring NAT in the VPN rule and also in the FW rule (MASQ) but still no traffic is passed.
Can anyone guide me in the right direction and explain how this should be configured (and debugged if necessary)?