Problem routing WAN traffic across IPSEC

Question

I'm trying to route traffic from WAN across an IPSEC tunnel to a server 
 
 WAN -> Sophos1 -> IPSEC -> Sophos 2 -> Server 
 
 I've configured firewall rule and NAT rule, then added 'system ipsec_route add net 172.16.1.0/255.255.255.0 tunnelname IPSEC 
 I also added the WAN IP address to both sides of the IPSEC tunnel so that the Sophos knows where that IP sits. 
 Packet capture all looks perfectly correct on Sophos1 
 Problem is, when I do a packet capture on Sophos2 there is no traffic whatsoever. It's as if the traffic doesn't disappears in to the never never. 
 I've google around and read multiple forums and it all seems to be setup correctly. 
 What am I missing?

LuCar Toni · Answer

You likely will need a IPsec Route. 
 docs.sophos.com/.../index.html

LuCar Toni · Answer

You need to create a SNAT object, not using MASQ. 
 See my text: 
 
 You could resolve this by doing a SNAT as well. Keep in Mind, you need to use a SNAT object, which is within your local network. So create a Host object within one of your Local Networks in Ipsec and use this in the same NAT rule. This should work.

Problem routing WAN traffic across IPSEC

Top Replies