IPSEC-S2S VPN-LAN requires MASQ in NAT

Hi,

I have a question as to why the IPsec site-to-site VPN rule (VPN-LAN) in NAT requires MASQ in Translated Source (SNAT).

Kindly advise

Manish



  • It is not required to have it. Most likely it could mitigate some issues ahead while not causing much trouble. Therefore plenty of admins are doing this.

    The IP segment of the IPsec VPN is something which most admins are not propagating to their network. So if the firewall is not the default gateway, the traffic is not working.


  • Got it a little bit!

    But can you explain with an example -- "The IP segment of IPsec VPN is something"?

    So you mean to say that if MASQ is not configured, the return packet will not identify the gateway...?

  • The client needs to know where your IPsec network is. If the client interacts with the firewall as a default network, no NAT is required. If something else is the default gateway, an SNAT is required.
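The return-path behaviour described in the replies above, as an added example that is not part of the original thread: a small Python model of a LAN host's routing table, showing where the host sends its reply with and without MASQ. All addresses and names are constructed for illustration.

```python
import ipaddress

# Constructed addresses for illustration only.
FIREWALL_LAN_IP = "192.168.10.254"   # firewall terminating the IPsec tunnel
OTHER_ROUTER = "192.168.10.1"        # a different device acting as default gateway
REMOTE_HOST = "10.20.0.50"           # host in the remote IPsec network
LAN = ipaddress.ip_network("192.168.10.0/24")
REMOTE_NET = ipaddress.ip_network("10.20.0.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def next_hop(routes, dst):
    """Longest-prefix match over (network, gateway) pairs; gateway None means on-link."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    net, gw = max(matches, key=lambda r: r[0].prefixlen)
    return gw or "on-link"

def reply_path(host_routes, remote_src, masq):
    """Return (source address the LAN host sees, next hop of its reply, reply reaches firewall)."""
    # With MASQ the firewall rewrites the source to its own LAN address.
    seen_src = FIREWALL_LAN_IP if masq else remote_src
    hop = next_hop(host_routes, seen_src)
    reaches_fw = (hop == "on-link" and seen_src == FIREWALL_LAN_IP) or hop == FIREWALL_LAN_IP
    return seen_src, hop, reaches_fw

def scenarios():
    other_gw = [(LAN, None), (DEFAULT, OTHER_ROUTER)]
    fw_gw = [(LAN, None), (DEFAULT, FIREWALL_LAN_IP)]
    static = other_gw + [(REMOTE_NET, FIREWALL_LAN_IP)]  # IPsec segment propagated to the host
    return {
        "other gateway, no MASQ": reply_path(other_gw, REMOTE_HOST, masq=False),
        "other gateway, MASQ": reply_path(other_gw, REMOTE_HOST, masq=True),
        "firewall is gateway, no MASQ": reply_path(fw_gw, REMOTE_HOST, masq=False),
        "other gateway + static route, no MASQ": reply_path(static, REMOTE_HOST, masq=False),
    }

if __name__ == "__main__":
    for name, (src, hop, ok) in scenarios().items():
        print(f"{name:40} src={src:15} next hop={hop:15} back to firewall: {ok}")
```

With MASQ in place, the LAN host and its logs see the firewall's LAN address as the source of every tunnel connection, so the remote host's real address is only visible in the firewall's own logs.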

