
Routing through IPsec tunnel

Hi all,

I'm at the end of all my ideas, so I'm asking for help...

I have two sites with UTM and a working IPsec tunnel.

At site A there is a public WAN IP, and through this interface the subnet 172.20.60.0 is also reachable; it is a kind of "management subnet" which I need to reach from site B.

In the IPsec tunnel settings on site A, the local networks are the site A LAN and the 172.20.60.0 subnet; on site B, the remote networks are the site A LAN and the 172.20.60.0 network. The tunnel from LAN B to LAN A works fine...

But I am not able to reach subnet 172.20.60.0, which is behind the WAN of site A. I tried to create an SNAT rule: from LAN B, service any, to the 172.20.60.0 network, change source to the WAN interface (with "rule applies to IPsec packets" ticked).

It should look like this: B 10.100.200.0 wants to reach 172.20.60.0

10.100.200.x -> UTM site B - IPsec tunnel - UTM site A - WAN - 172.20.60.0

A masquerade rule also did not help.

Any suggestions appreciated :-)

Thank you, Vitek
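The path described in the post (LAN B, through the tunnel, out of UTM A's WAN interface to the management subnet, and the reply back) is easier to reason about as a traffic-selector and NAT walk. The following is an added example, not code from the thread or from the UTM product: it models the two IPsec policies as the post describes them and traces one flow with and without the source NAT to the WAN address. Site A's LAN (192.168.1.0/24), UTM A's public address (203.0.113.10), the /24 mask on 172.20.60.0 and the management hosts' return route are all assumptions of the example; only 10.100.200.0/24 and 172.20.60.0 come from the post.

```python
import ipaddress

# Constructed topology. Only 10.100.200.0/24 (LAN B) and 172.20.60.0 (the
# management subnet) come from the thread; the /24 on the management subnet,
# site A's LAN and UTM A's public address are assumptions for this example.
LAN_A = ipaddress.ip_network("192.168.1.0/24")
LAN_B = ipaddress.ip_network("10.100.200.0/24")
MGMT = ipaddress.ip_network("172.20.60.0/24")
WAN_A = ipaddress.ip_address("203.0.113.10")

# Traffic selectors as the post describes them: A lists its LAN and the
# management subnet as local networks, B lists both as remote networks.
SEL_A = {"local": [LAN_A, MGMT], "remote": [LAN_B]}
SEL_B = {"local": [LAN_B], "remote": [LAN_A, MGMT]}


def in_any(nets, addr):
    return any(addr in n for n in nets)


def selector_match(sel, src, dst, direction):
    """True if src->dst is covered by the IPsec policy in the given direction."""
    if direction == "out":
        return in_any(sel["local"], src) and in_any(sel["remote"], dst)
    return in_any(sel["remote"], src) and in_any(sel["local"], dst)


def trace(src, dst, snat_to_wan, mgmt_routes_back_via_utm_a=False):
    """Walk a packet B -> A -> management host and its reply back.

    Returns (list of hops, True if the reply can reach the original sender).
    mgmt_routes_back_via_utm_a models something the thread never states:
    whether hosts on 172.20.60.0 have a route for 10.100.200.0/24 via UTM A.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hops = []
    nat_table = {}  # translated source -> original source, like conntrack on UTM A

    if not selector_match(SEL_B, src, dst, "out"):
        return hops + ["B: no IPsec policy covers this flow, sent in the clear"], False
    hops.append("B: encapsulated into the tunnel")
    if not selector_match(SEL_A, src, dst, "in"):
        return hops + ["A: decrypted packet rejected, not in A's selectors"], False
    hops.append("A: decrypted, routed toward WAN (172.20.60.0 is reached via WAN)")

    # The SNAT has to act on the packet after decryption, which is what the
    # "rule applies to IPsec packets" option in the post is for.
    fwd_src = src
    if snat_to_wan:
        fwd_src = WAN_A
        nat_table[WAN_A] = src
        hops.append(f"A: SNAT {src} -> {WAN_A} on the tunnel-originated packet")

    # The management host replies to whatever source address it saw.
    reply_dst = fwd_src
    if reply_dst == WAN_A:
        hops.append("MGMT host: reply goes to UTM A's own public address")
        reply_dst = nat_table[WAN_A]
        hops.append(f"A: reverse NAT {WAN_A} -> {reply_dst}")
    elif not mgmt_routes_back_via_utm_a:
        hops.append(f"MGMT host: no route for {reply_dst} via UTM A, reply lost")
        return hops, False
    else:
        hops.append("MGMT host: reply routed to UTM A via a static route")

    if not selector_match(SEL_A, dst, reply_dst, "out"):
        return hops + ["A: reply not covered by A's outbound selector"], False
    hops.append("A: reply encapsulated back into the tunnel toward B")
    return hops, True


if __name__ == "__main__":
    for snat in (True, False):
        hops, ok = trace("10.100.200.5", "172.20.60.1", snat_to_wan=snat)
        print(f"SNAT to WAN: {snat} -> reply reaches B: {ok}")
        for h in hops:
            print("   ", h)
```

With the source rewritten to UTM A's WAN address, the management host only ever talks to an address UTM A owns, so the reverse translation and the outbound selector on A do the rest; without it, the reply depends on the management hosts knowing a route for 10.100.200.0/24 back to UTM A, which the example exposes as a separate switch because the thread does not say how those hosts are routed.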



  • Vitek, this seems contradictory: "Tunnel from LAN B to LAN A works fine... But im not able to reach subnet 172.20.60.0"

    What do you mean by the "Tunnel ... works fine?"

    Cheers - Bob

  • Hi Bob,

    A working tunnel means that all other LANs specified as remote networks are automatically routed through the tunnel, and each site was reachable from the other.

    Yesterday I deleted all rules, SNAT, routing etc., left only masquerading enabled, and gave up searching and testing. After two hours it started to work without me touching anything, so the only thing that is necessary is masquerading, and that's it. The problem solved itself.
