Hello Sirs,
these are my first steps with the XG210.
For the IPsec VPN tunnels to our customers, we agreed on having our local subnet masqueraded as a small subnet like leftsubnet=172.25.3.8/30.
In our old firewall, this resulted in our customer seeing us as 172.25.3.9/32. Thus, he could access an HTTPS service with this IP on our site.
I want to transfer these tunnels to the XG210, and I do not want to negotiate tunnel details again.
Most of the tunnels work as before, when I assign something like 172.25.3.9/32 to the "local network" and NAT this to "Internal_Network" (/24).
In this case the tunnel comes up AND I can access the "remote network" (i.e. ping a remote IP).
In one case the tunnel won't come up. So, I assign exactly the network we agreed on (i.e. 172.25.3.8/30). Now, the tunnel comes up.
The route lookup for an IP in the remote network resolves to "... is located on the ipsec0" as expected.
However, a ping to this IP is routed to Port2 (internet) and thus never comes back.
Why?
Do I really have to renegotiate the tunnel details with my customer, or can I translate that in any way?
Best regards to all from Germany
Frytz