NAT - Worked in SG not in XG

Hello! So I'm trying to get a tricky NAT over IPSec tunnel set up based on the requirements from a vendor of ours. They only want to see traffic from and going to the following subnets:
1.1.2.192/28
1.1.4.48/28
1.1.8.48/28

So they want our internal private IP: 10.10.10.0/24 translated to any of those (and we need to use all of those /28 subnets).

Ex. 10.10.10.4 --> 1.1.8.51 --> TUNNEL --> x.8.55.40

This worked while we had an SG210 installed using lots of SNAT and DNAT rules for each internal IP to a statically translated 1.1.2.x / 1.1.4.x or 1.1.8.x IP. It was a pain to set up and I'm sure there was an easier way but it worked so we left it.

I'm testing with an XGS2100 now and just can't get the new way of Sophos' NATting to work the same as it did with the SG.

I've tried every iteration of the following rule:



Original Source is the endpoint of the VPN. I've swapped source and destination every which way.

Here is the tunnel setup and everything goes green and establishes. Just can't get the translation right.





