IPSEC to IPSEC Tunnel - Subnetting NAT Problem/Question

Question

Hello Guys, 
 
 i have a brain lag with following situation, 
 
 I have a IPSEC to IPSEC (Site to Site) connection. 
 
 The other side need to connect or need access to our local ip adress 192.168.100.253. But they cant use this local subnet, because they use it in there own local network. 
 So i have to make a NAT MASQ or something to another IP Adress like 192.168.150.253 = 192.168.100.253, so they can insert the 192.168.150.253 network in there IPSEC Subnet Destination. 
 
 What i need to do?

MayurMakvana · Answer

Hello Patrick Merkel, 
 Greetings! 
 You may review below KBA, that may help with your requirement: 
 https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/VPN/SiteToSiteVPN/VPNConfigureSiteToSiteIPsecNAT/index.html#sophos-firewall-2-add-ipsec-connection 
 Happy to help! 
 
 Regards, 
 Mayur Makvana

MayurMakvana · Answer

Hello Patrick Merkel, 
 If Ipsec tunnel is for host to network then single IP NAT will also work ( inside IPsec tunnel settings). 
 But If ipsec tunnel is network to network then NATed LAN with another fake network should be used. 
 As far as it is having connectivity to the Firewall, there is no specific need of any changes for the vlan network. 
 
 Regards, 
 Mayur Makvana

IPSEC to IPSEC Tunnel - Subnetting NAT Problem/Question

Top Replies

Submitted a Tech Support Case lately from the Support Portal?