Following situation:
We have one datacenter with an XG210 HA connecting with IPSec to many customers with XG/UTM firewalls.
We also have 3 offices with engineers connected to the datacenter via XG -> XG RED tunnels, and our remote workers use dial-in VPN to connect to the datacenter when they are on the road.
Our plan is to masquerade the traffic from the RED tunnels so that the firewall on the customer side thinks the traffic is coming from the IPsec LAN in our datacenter.
For example:
LAN Office1: 192.168.0.0/24
LAN DC (used in all IPsec tunnels to customers): 192.168.200.0/24
LAN Customer: 192.168.50.0/24
So the traffic should go from gateway in office 1 -> gateway DC -> masquerading as 192.168.200.x -> gateway at customer side.
I have set up a static route on XG Office 1 to route 192.168.50.0/24 to the datacenter using reds1, and also created a FW rule to allow that traffic.
I have created a firewall rule on XG DC to allow traffic from LAN Office to LAN Customer AND enabled NAT & masquerading using a freshly created gateway 192.168.200.253.
But that does not work.
Has anyone had the same situation and found a solution?
We do not want to insert all subnets into the IPsec configuration, because if we got a new office we would have to change all IPsec endpoints :-(
BR Gerald