
I can't connect to a server over a DNAT IPsec tunnel rule


Good morning, I have a Sophos XG with version 17.5.13 MR-13.

In SiteA I have an IPsec VPN set up with a SiteB that we access through SNAT. I can access its resources without problems.

Now, from SiteB they need to access a webserver on SiteA on port 443 through the tunnel (IPsec VPN).


Site A    ----- IPsec VPN -----    Site B
   |                                  |
LN_ORAIN                           RN_siteb
   |                                  |
DMZ -- Webserver                   DMZSB

 

I tried to configure a Business rule (SiteB host from RN_siteb --> [snat_orain] --> webserver on SiteA):

LN_ORAIN traffic from VPN --> from host SNAT_ORAIN on port 443 -> NAT to srv_orain in the DMZ zone

 

This rule doesn't work... I don't see the traffic in the log. I think the traffic isn't being sent through the ipsec0 tunnel...

 

Thanks for the help



  • FormerMember

    Hi,

    Thank you for reaching out to the Community! 

    Did you see the traffic leaving through the ipsec0 interface on site B? Could you please provide more detail about the local and server network? 

    Thanks,

  • Yes, I see this traffic in Diagnostics --> Connection list:

    13:41:51 1604969328 ipsec0 PortE4 172.29.29.29 10.140.40.40 TCP No information available 33409 443

     

    172.29.29.29 is the DMZSB

    10.40.40.40 is the NATed LAN that is authorized

    ipsec0 is the IPsec VPN tunnel

    PortE4 is my WAN connection (172.1.0.254)

    I need to NAT traffic from PortE4 to PortE0 (LN_ORAIN) to access my webserver

    The PortE0 LAN is 192.168.1.254 (for servers)

    The webserver is 192.168.1.80

     

    Thanks

  • I have already found the error; I had two problems.

    The first problem is that I had all the traffic redirected to the internet so that it could be reached from everywhere. I removed the VPN from there and that solved it.

    The second part was a problem with the traffic rule, since it did not have the origin host entered, which is the one that launches the request through the SNAT. I attach screenshots in case they help someone in the future.

     

    Works Fine!

    Thanks
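As an added illustration (not code from the thread or from Sophos), the snippet below simulates how a DNAT rule is matched against the connection-list line quoted above: the same request is evaluated against a rule with no source host and against a rule that names the DMZSB network. The rule field names, the treatment of an empty source list as "never matches" (mirroring the poster's result, not a documented Sophos XG default), and the 172.29.29.0/24 source network are assumptions.

```python
# Added example: simulate DNAT rule matching for the connection-list entry
# quoted in the thread. Rule shape and semantics are assumptions, not Sophos XG's.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class NatRule:
    name: str
    in_iface: str          # interface the request arrives on (ipsec0 here)
    src_nets: List[str]    # allowed source networks; empty = assumed never to match
    dst_host: str          # pre-NAT ("original") destination address
    dst_port: int
    translate_to: str      # real server behind the DNAT
    translate_port: int


def parse_connection_line(line: str) -> dict:
    # Field order taken from the thread's connection-list line:
    # time epoch in_iface out_iface src dst proto <free text> sport dport
    parts = line.split()
    return {"in_iface": parts[2], "out_iface": parts[3], "src": parts[4],
            "dst": parts[5], "proto": parts[6],
            "sport": int(parts[-2]), "dport": int(parts[-1])}


def match_rule(conn: dict, rules: List[NatRule]) -> Optional[Tuple[str, str, int]]:
    for r in rules:
        if r.in_iface != conn["in_iface"]:
            continue
        if r.dst_host != conn["dst"] or r.dst_port != conn["dport"]:
            continue
        if not any(ip_address(conn["src"]) in ip_network(n) for n in r.src_nets):
            continue  # the poster's first rule failed here: no origin host configured
        return (r.name, r.translate_to, r.translate_port)
    return None


# Constructed sample: the connection-list entry quoted in the thread.
LINE = ("13:41:51 1604969328 ipsec0 PortE4 172.29.29.29 10.140.40.40 TCP "
        "No information available 33409 443")

BROKEN = NatRule("no_source_host", "ipsec0", [], "10.140.40.40", 443, "192.168.1.80", 443)
FIXED = NatRule("snat_orain_to_webserver", "ipsec0", ["172.29.29.0/24"],
                "10.140.40.40", 443, "192.168.1.80", 443)


def evaluate(rule: NatRule) -> Optional[Tuple[str, str, int]]:
    return match_rule(parse_connection_line(LINE), [rule])


if __name__ == "__main__":
    print("broken:", evaluate(BROKEN))  # None: the request is never translated
    print("fixed:", evaluate(FIXED))    # ('snat_orain_to_webserver', '192.168.1.80', 443)
```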
