Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 2 subscribers
  • Views 2858 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

IPSec after DNAT

system-partner
Hi everyone,

We have 2 UTM120 Boxes with the current V9.106 firmware.

LAN on Site 1: 192.168.151.0/24
LAN on Site 2: 192.168.161.0/24
Both Sites are connected with an IPSec tunnel.

I need to NAT ftp-packets from the Internet arriving at the WAN Port on Site 1 through the tunnel onto a server at Site 2.

However the packets do not arrive. Any ideas on that?

thx, Chris


This thread was automatically locked due to age.
Parents
  • 0
    Hi,

    IIRC, you also need to include port 20 for Active FTP.
    Try adding that to your DNAT, and checking the logs for port 20 traffic.

    Also, make sure the FTP Connection Track Helper is enabled (although that may only be for outgoing FTP).

    The "Change Service to:" field should be blank, btw.

    "Is there any special trick for routing into a ipsec tunnel?"

    I'm not sure. Hopefully Bob will see this.


    Barry
Reply
  • 0
    Hi,

    IIRC, you also need to include port 20 for Active FTP.
    Try adding that to your DNAT, and checking the logs for port 20 traffic.

    Also, make sure the FTP Connection Track Helper is enabled (although that may only be for outgoing FTP).

    The "Change Service to:" field should be blank, btw.

    "Is there any special trick for routing into a ipsec tunnel?"

    I'm not sure. Hopefully Bob will see this.


    Barry
Children
No Data