We have several IPSec Tunnel Interface VPNs with 3rd parties where we provide a DNAT IP range.
Recently we added a new VPN whose network overlaps with an existing VPN, so we need to not only DNAT but also SNAT so that routing works properly and traffic returns through the correct VPN. However, since all VPNs are on the same physical interface, there's no obvious way in the UI to distinguish the traffic for NAT.
I've contacted support and they've told me that Sophos XG firewall can't do this and that I'd need to ask the 3rd party to NAT all traffic on their end.
This seems odd to me, as this is something I know is possible with OpenVPN and Site-to-Site tunnels. So given it's a Tunnel Interface VPN, its interface should be enough to distinguish the traffic.
Has anyone here had experience with this?