
SNAT remote SSL VPN to IPSEC tunnel

I don't seem to understand how source NATting should be set up in XG.

Following is the issue:

XG has an IPSEC connection to another company. Traffic to/from this company is working.
XG has remote SSL VPN workers. Traffic from the remote SSL VPN to the XG internal network works well.

Inside the SSL VPN tunnel are the internal network of the XG and the remote network of the remote company.

When making the SSL connection and looking in the route table, both routes are there, pointing to the SSL VPN tunnel.

Now in XG I want to source NAT the SSL VPN traffic going to the remote company. Traffic should be source NATted with the interface address of the XG's LAN interface.

For some reason this doesn't work. Now the really strange part.

We asked the remote company to include our SSL VPN pool inside the IPSEC tunnel, and as soon as this is in place, traffic is working (and the earlier created SNAT rule sees an increasing counter).
Of course the SNAT rule is not needed in that case, so switching it off still lets the connection work.

Why does the SNAT rule not work without the SSL pool inside the IPSEC network? Isn't that what SNAT should do: make sure to route traffic somewhere where the destination doesn't know the "original" IP address? And more importantly, how can I correctly set up SNAT for this situation in XG?
