nat rule replace destination and masquerade

Question

hello community, 
 i try to reach a device in a subnet A from another subnet B. 
 
 problem1: the device in subnet A has no route to firewall (only local subnet with firewall). so i have to use masquerade to get reply packets. 
 problem2: i have to use a nated ip for device, because it's original ip cannot be used for routing from source subnet B, because of overlapping ip ranges. 
 
 i tried it with one nat rule replacing destination and MASQ. outbound interface is local interface selected which is connected to target device in subnet A. 
 
 in paket capture i can see incoming pakets from vpn with device nated ip as target. but paket is not forwarded by firewall. 
 
 any ideas? is it possible to implement this scenario with sophos firewall? 
 
 thank you. 
 
 kind regards, 
 Chris

Raphael Alganes · Answer

Hello there, 
 Thanks for reaching out to Sophos Community and hope you are well. 
 Kindly provide at network diagram and traffic flow you are trying to achieve on this use case. 
 Also, you may freely reach out to your local Sales Engineer, local Partner if this is an implementation/deployment activity and I believe they are also able to help you 
 with your setup. 
 Thanks for your time and patience and thank you for choosing Sophos 
 Cheers,

nat rule replace destination and masquerade

Top Replies