This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How to NAT specific hosts to reach remote network through IPsec S2S?

John Henry Vindas Carballo over 6 years ago

Hello everyone,

I'm facing an issue when passing traffic through an IPsec tunnel.

The tunnel is up and running and the remote network can reach a 'loopback' interface I've created on the XG firewall but not the target hosts.

On the local subnet we can't reach the remote subnet at all.

Firewall rules are created (VPN > LAN, LAN > VPN)

In the IPsec tunnel configuration, we have the 172.17.12.200/29 on the left SA and for the right SA, 172.4.4.0/24.

What I want to accomplish is to NAT the hosts on the subnet 192.168.10.0/24 (192.168.10.2-3) so they can be reachable and also be able to reach hosts on the remote subnet.

Any advice would be very helpful.

This thread was automatically locked due to age.

0 Keyur over 6 years ago

Hi John Henry Vindas Carballo

You would be required to add IP host/Network in the Local and Remote Subnet of IPsec and also add the static in XG that 192.168.10.0 network is reachable through this Interface, please enable MASQ in VPN to LAN rule.
Cancel
Vote Up 0 Vote Down

Cancel
0 John Henry Vindas Carballo over 6 years ago in reply to Keyur

Hello Keyur,

Do you mean I have to change from 172.17.12.200/29 to 192.168.10.0/24 on the Local Subnet?
If that's so, we can't change the configuration of the tunnel.

The remote site ask us to masq our subnet.

I'm wondering if XG can handles this kind of job, I run out of ideas to try to make it work.
Cancel
Vote Up 0 Vote Down

Cancel