Sophos XG: S2S IPSec (policy based) - NAT between tunnels

Hi,

I'm pretty sure that this question was already answered by someone, but I cannot find the answer in the forum or the knowledge base. Please bear with me...

To my question...

I configured two policy-based IPsec tunnels:

    Site C <10.3.0.0/24 = 192.168.0.0/24 / 172.16.0.0/24> Site A <192.168.0.0/24 = 172.16.0.0/24> Site B

Each tunnel works fine and traffic flows as wanted to Site A. Now I need traffic from Site C to Site B, but cannot alter the policies on the tunnel Site A/Site B. And Site C needs to access the IP range 172.16.0.0/24 (due to DNS resolution). Is there a way that I can enable masquerading/SNAT on the traffic from Site C to Site B?

Cheers



This thread was automatically locked due to age.
  • I got it working. I followed the KB article but had a misunderstanding in the command:

    system ipsec_route add net <remote subnet> tunnelname <ipsec_tunnel>

    I thought that I had to add the accessing network (in this case 10.3.0.0/24). But you need to add the accessed network (in this case 172.16.0.0/24) to the ipsec_route command.

    After this mistake I only needed to add a snat policy and the firewall rules and everything was working as expected.
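
A simplified model of the forwarding decision on the Site A firewall, added here as an example (it is not from the thread, the KB article or Sophos code): it shows why the route is keyed on the accessed network and why the source still has to be translated into the Site A/Site B policy. The tunnel name, the translated address 192.168.0.1 and the lookup order are assumptions.

```python
import ipaddress as ip

# Constructed model using the subnets from the thread. The tunnel name and the
# SNAT address are hypothetical; the real firewall's processing order may differ.
TUNNEL_A_B = {"name": "tunnel_A_B",
              "local": ip.ip_network("192.168.0.0/24"),
              "remote": ip.ip_network("172.16.0.0/24")}

# ipsec_route entries: (destination network, tunnel)
WRONG_ROUTE = [(ip.ip_network("10.3.0.0/24"), TUNNEL_A_B)]    # accessing network
RIGHT_ROUTE = [(ip.ip_network("172.16.0.0/24"), TUNNEL_A_B)]  # accessed network

# SNAT rule: (original source network, translated source address)
SNAT_RULES = [(ip.ip_network("10.3.0.0/24"), "192.168.0.1")]


def route_lookup(ipsec_routes, dst):
    """Routes match on the destination address, never on the source."""
    for net, tunnel in ipsec_routes:
        if ip.ip_address(dst) in net:
            return tunnel
    return None


def snat(src, rules):
    """Return the translated source if a rule covers src, else src unchanged."""
    for orig_net, translated in rules:
        if ip.ip_address(src) in orig_net:
            return translated
    return src


def forward(src, dst, ipsec_routes, snat_rules):
    """Decide what happens to a packet from Site C that arrives at Site A."""
    tunnel = route_lookup(ipsec_routes, dst)
    if tunnel is None:
        return "no ipsec route for destination"
    src = snat(src, snat_rules)
    # Policy-based IPsec: both ends must fall inside the negotiated selectors.
    if (ip.ip_address(src) not in tunnel["local"]
            or ip.ip_address(dst) not in tunnel["remote"]):
        return f"dropped: {src} -> {dst} outside {tunnel['name']} policy"
    return f"sent via {tunnel['name']} as {src} -> {dst}"


if __name__ == "__main__":
    for routes, rules in ((WRONG_ROUTE, SNAT_RULES), (RIGHT_ROUTE, []),
                          (RIGHT_ROUTE, SNAT_RULES)):
        print(forward("10.3.0.5", "172.16.0.10", routes, rules))
```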
