
SNAT Rule applies to IPsec packets

From the User's Manual:

Rule applies to IPsec packets (only with SNAT or Full NAT mode): Select this option if you want to apply the rule to traffic which is going to be processed by IPsec. By default this option is not selected, thus IPsec traffic is excluded from source network address translation.


I just saw that this option has been available at least since V8.3.  Has anyone used this?  It's not clear to me how/why this would be used.  Does this, in effect, let you change the source of a packet already inside an IPsec tunnel?

Cheers - Bob


  • Hi Bob,
    I haven't tried that (and I don't remember seeing it).

    I was trying to do an SNAT previously on a site-to-site tunnel with 7.5 and didn't have any luck.
    Maybe I'll try it again soon, I will be replacing the 7.5 firewall with 9.006 next week.

    Barry
  • I think this new capability is unrelated to the "classic" use of SNAT with an IPsec tunnel.  You can use SNAT to "add" a network/host to a tunnel that isn't configured with 'Strict routing' selected.  I did use that in V7.

    I've tried a few experiments with this new (to me) capability, but can't see how any behavior is changed, so I'm obviously not using it for its intended purpose.  I look forward to getting your results.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
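As an added illustration (not code from the thread, from Sophos, or from the UTM itself), here is a small Python model of the evaluation order the manual text implies: a packet that already matches an IPsec policy skips SNAT rules unless the "applies to IPsec packets" option is set, and the policy selectors are checked again with the translated source, which is what the "classic" trick of SNATing an extra host into a tunnel without strict routing relies on. The rule and policy shapes, the addresses and the processing order are constructed assumptions for the model, not UTM's actual implementation.

```python
import ipaddress
from dataclasses import dataclass


def _in(addr: str, net: str) -> bool:
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


@dataclass
class IpsecPolicy:
    """One site-to-site tunnel, modelled as local/remote selectors (assumed shape)."""
    local: str
    remote: str

    def matches(self, src: str, dst: str) -> bool:
        return _in(src, self.local) and _in(dst, self.remote)


@dataclass
class SnatRule:
    """A UTM-style SNAT rule: traffic source/destination -> change source to."""
    match_src: str
    match_dst: str
    new_src: str
    applies_to_ipsec: bool = False   # the option discussed in the thread


def process(src: str, dst: str, rules: list, policies: list) -> tuple:
    """Return (source address after NAT, whether the packet enters a tunnel)."""
    # Policy lookup on the untranslated packet (assumed to happen before SNAT).
    in_tunnel = any(p.matches(src, dst) for p in policies)
    for r in rules:
        if not (_in(src, r.match_src) and _in(dst, r.match_dst)):
            continue
        if in_tunnel and not r.applies_to_ipsec:
            continue                  # default: IPsec-bound traffic is left alone
        src = r.new_src               # first matching rule wins
        break
    # Policy lookup again with the translated source: with strict routing off the
    # tunnel is chosen by destination, so a SNATed host can now fit the selectors.
    in_tunnel = any(p.matches(src, dst) for p in policies)
    return src, in_tunnel


if __name__ == "__main__":
    tunnel = [IpsecPolicy("10.1.0.0/24", "10.2.0.0/24")]      # constructed networks
    internet = SnatRule("10.0.0.0/8", "0.0.0.0/0", "203.0.113.5")
    print(process("10.1.0.7", "10.2.0.9", [internet], tunnel))   # ('10.1.0.7', True)
    join = SnatRule("10.5.0.0/24", "10.2.0.0/24", "10.1.0.250")
    print(process("10.5.0.3", "10.2.0.9", [join], tunnel))       # ('10.1.0.250', True)
```

Setting `applies_to_ipsec=True` on the broad internet rule makes the model rewrite the tunnel-bound packet to 203.0.113.5, which then no longer matches the selectors; that is the behaviour the default exclusion avoids.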
  • Barry, did you try this?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA