
How to publish host from remote ipsec tunnel?

Hi everyone,

I describe what I wanna do: I've got two sites, connected by an IPsec tunnel, and both ends are XGs. The main site has a single static IP address (used by the ISP router, which is configured to forward everything to the Sophos). The remote site is on a connection NATed by the ISP itself, so I cannot do any port forwarding. Anyway, the IPsec tunnel works well. On the remote site I've got a couple of security cams, managed by an NVR, and I can manage it by using its local remote IP. I would like to expose it so it is publicly reachable through the IPsec tunnel... is it possible?!? I've tried with a full NAT rule but without luck.

If it could help I can post a diagram of all of this, let me know (and sorry for my bad English :) )


Regards
Fabio 



  • My first shot would be: create a simple RED site-to-site tunnel and use DNAT.

    Easiest way to get this running. Otherwise you will struggle with DNAT through an IPsec tunnel. https://community.sophos.com/kb/en-us/125101

  • Hi LuCar,

    Thanks for your fast reply. I'll read your link this evening, but I've got one question: if I've understood well, the use of RED has the same benefits as an IPsec tunnel with some more advantages, right? Using the RED feature, my remote site acts like it's a part of my site? As another segment of the LAN?


    Regards
    Fabio

  • RED will basically plug a cable in both appliances.

    Everything will work like you would connect both appliances via cable.

    You still need a route, you still need a firewall rule etc. 

    But you can easily work with DNAT and other stuff. 

  • Can I create the two REDs while IPsec is running, or is it better to stop it first, delete the FW rules, and after all that create the REDs?

    Another thing: on both sites I've got two WANs. Can I force RED to create the connection using a specific WAN?!?

  • I've followed the guide but I'm not sure about the result. The tunnel between the two REDs has been created; from the server I see the IP address of the uplink is the one of the other WAN (the primary WAN) that I want to use. But other than that there is something strange: when I start to ping each gateway from the other side, there are a lot of request timeouts (in pings from the server to the client side) and a lot of destination host unreachable (from the client to the server side), and the drops seem to be in sync... any idea?!? Could the multi-WAN on each side be causing this effect? I've tried to disable the compression setting but nothing changed.
