Nat to logical host

Hi

I need to NAT my LAN traffic to a logical host which is placed inside a site-to-site VPN.

My VPN is established and I can see my NAT rule being hit, however the traffic is not traversing the VPN, it's following the default route out of the WAN.

As the host I am natting to is not assigned to an interface, do I need to add a manual route to a VPN interface as I would expect to do on an SRX for example?

Many Thanks



  • Hi Lee and welcome to the UTM Community!

    The routing should be handled automatically if the site-to-site is correctly configured.

    Please show a picture of the Edit of the NAT rule that's not doing what you want. Also, tell us the target IP and show us the relevant SA (like SA:10.242.1.0/24=68.227.100.4854.209.14.114=52.28.19.239/32) on the 'Site-to-site VPN Tunnel Status' page.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob.


    That is the NAT rule which, on a packet capture shows as being hit, as well as the relevant LAN to WAN ACL.

    The VPN is established between the two /32s (the far end and the one I am natting to) and the SA is complete.

    I cannot locate a method of looking at the routing table on the device to see the entry that would have been created by bringing up the tunnel, is that possible?

  • You have an XG (Sophos Firewall), Lee, not a UTM, so I'll move this thread to that community.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA