
VPN site to site over SNAT

Hi Guys,

I would like to set up a site-to-site VPN connection between a Sophos XG135w and a Palo Alto firewall using SNAT. I mean, my local network is 192.168.10.0/24, the remote network is 10.58.0.0/16, and I would like to NAT my network with only one IP. Right now the connection is up, both phase 1 and 2, but I'm not able to reach the remote site. Do I create a NAT in the firewall rule or when I create the VPN?

 

Thanks for reply



  • Hi LuCar Toni,

    My fault, I meant NAT 1:n. In this case you have to create 1 firewall rule, LAN to VPN, and apply masquerading in it and not in the IPsec tunnel. If instead you want NAT 1:1, the KB that you provided was OK.

    Thank you for your support

  • You need to apply the same KBA just with a Single SA in the IPsec Tunnel.

    It will apply a 1:N NAT (Source NAT).

    The point is, firewall rules cannot apply NAT in IPsec tunnels (right now).

     

    • The sample scenario in this article shows a 1:1 NAT. Depending on the network requirements, it is also possible to configure a 1:n NAT (SNAT) or a Full NAT.