Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 2 subscribers
  • Views 3142 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SNAT Rule applies to IPsec packets

BAlfson
From the User's Manual:

Rule applies to IPsec packets (only with SNAT or Full NAT mode): Select this option if you want to apply the rule to traffic which is going to be processed by IPsec. By default this option is not selected, thus IPsec traffic is excluded from source network address translation.


I just saw that this option has been available at least since V8.3.  Has anyone used this?  It's not clear to me how/why this would be used.  Does this, in effect, let you change the source of a packet already inside an IPsec tunnel?

Cheers - Bob


This thread was automatically locked due to age.
Parents
  • 0
    I think this new capability is unrelated to the "classic" use of SNAT with an IPsec tunnel.  You can use SNAT to "add" a network/host to a tunnel that isn't configured with 'Strict routing' selected.  I did use that in V7.

    I've tried a few experiments with this new (to me) capability, but can't see how any behavior is changed, so I'm obviously not using it for its intended purpose.  I look forward to getting your results.

    Cheers - Bob
Reply
  • 0
    I think this new capability is unrelated to the "classic" use of SNAT with an IPsec tunnel.  You can use SNAT to "add" a network/host to a tunnel that isn't configured with 'Strict routing' selected.  I did use that in V7.

    I've tried a few experiments with this new (to me) capability, but can't see how any behavior is changed, so I'm obviously not using it for its intended purpose.  I look forward to getting your results.

    Cheers - Bob
Children
No Data