This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Astaro behind Router VPN IPSEC

How to set policy or NAT ?
If i set vpn at router front off Astaro firewall.
NAT or Policy only?

Customer ==>router vpn==>internet==>router vpn==>firewall==>Me

This thread was automatically locked due to age.

0 BAlfson over 11 years ago

It looks like both router VPN endpoints are public IPs, so that eliminates one possible problem.

No routing or NAT is required. The key is confirming that the network containing "Me" is a part of the VPN tunnel. If the network containing "Me" is masqueraded by the firewall, you don't need to do anything. Otherwise, ...

On the Customer's router, make sure that the network containing "Me" is configured in Remote Networks. On your side, make sure that the network containing "Me" is in Local Networks.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel
0 tawanbd over 11 years ago

if i want to use vpn at internal network behind asg.
How to set up?

I use DNAT from me(public ip) to internal network and set policy(any ==> any==>internal).
It's correct?
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 11 years ago

Putting an IPsec endpoint behind a NATting router causes problems. Your best, and most-secure, choice is to configure SSL VPN Remote Access for yourself at the customer sites.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005

MediaSoft, Inc. USA
Cancel
Vote Up 0 Vote Down

Cancel