IPSEC VPN NAT

We're replacing our Juniper with a UTM and we had to roll back last weekend because two different VPNs failed. This thread is about the second VPN.

It's an IPsec VPN that terminates on the UTM. The VPN showed "Up" on both ends but inbound traffic did not move to our internal server. In addition, I could not ping the remote end from our server. I can ping when we're running the VPN through our existing Juniper firewall.

Juniper and Sophos seem to do everything differently, so I'm retraining myself with every step. On the Juniper, the VPN is called a tunnel and it is its own interface. Within that interface an IP is NATted to our internal server IP. I suspect that this is what I'm missing on the Sophos. Do I just add this as an "additional address" with a new NAT rule, like anything else? If it matters, the IP is not part of our normal block, but a /30 block our ISP is providing us for this address.

  • Steve, I'm sure the WebAdmin solution is quick and elegant, but I can't "see" what you want to accomplish. A NAT probably isn't needed - certainly not the one you described. On each end of the tunnel, which hosts/subnets should be able to access which hosts/subnets at the other end?

    FWIW, WebAdmin can deal with a public IP in 'Local Networks'.

    Cheers - Bob
  • Only one host is reachable on either end. The customer has a mainframe server that's spitting out print commands. Those commands are routed through the VPN to our server, which catches the print commands and turns them into files. With the Juniper in place, it works. With the Sophos in place, the VPN shows up on both ends, but the print stream never reaches us.
  • Please click on 'Use rich formatting' and insert pictures of the Edits of your IPsec Connection and Remote Gateway definitions. Also, one of the Edit of your NAT rule.

    Cheers - Bob
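The symptom in this thread (tunnel "Up" on both ends, but the print stream never arriving and replies never leaving) is what an IPsec policy does when the addresses in the packet do not fall inside the Local/Remote Networks selector, or when the public /30 address is selected but nothing translates it to the internal server. The following is an added model, not Sophos UTM or Juniper code, that traces the mainframe-to-server flow through a selector with and without a 1:1 NAT on the inner side; all addresses are documentation-range placeholders.

```python
import ipaddress

# Constructed model of an IPsec policy (traffic selector) plus an optional
# 1:1 NAT on the tunnel's inner side. Not Sophos UTM or Juniper code; the
# addresses are documentation-range placeholders chosen for this example.

def _nets(cidrs):
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]

def _in_any(addr, nets):
    ip = ipaddress.ip_address(addr)
    return any(ip in n for n in nets)

def tunnel_carries(src, dst, local_nets, remote_nets):
    """True if src->dst matches the selector outbound (local->remote)
    or inbound (remote->local); anything else never enters the SA."""
    return ((_in_any(src, local_nets) and _in_any(dst, remote_nets))
            or (_in_any(src, remote_nets) and _in_any(dst, local_nets)))

def check_print_flow(local_cidrs, remote_cidrs, mainframe, public_ip,
                     server_ip, dnat):
    """Trace the print stream (mainframe -> public_ip) and the server's reply.

    dnat=True models a rule translating public_ip -> server_ip after
    decryption, with the reverse translation applied before the reply
    is encrypted. Returns the verdict for each leg."""
    local, remote = _nets(local_cidrs), _nets(remote_cidrs)
    inbound_ok = tunnel_carries(mainframe, public_ip, local, remote)
    delivered_to = server_ip if dnat else public_ip   # who actually receives it
    reply_src = public_ip if dnat else server_ip      # source seen by the policy
    reply_ok = inbound_ok and tunnel_carries(reply_src, mainframe, local, remote)
    return {"inbound": inbound_ok, "delivered_to": delivered_to, "reply": reply_ok}

if __name__ == "__main__":
    MAINFRAME, PUBLIC, SERVER = "198.51.100.10", "203.0.113.2", "10.0.0.25"
    for label, local, dnat in [
        ("/30 in local nets, no NAT", ["203.0.113.0/30"], False),
        ("/30 in local nets, NAT to server", ["203.0.113.0/30"], True),
        ("only internal LAN in local nets", ["10.0.0.0/24"], False),
    ]:
        print(label, check_print_flow(local, [MAINFRAME + "/32"], MAINFRAME,
                                      PUBLIC, SERVER, dnat))
```

Only the second configuration delivers the stream to the server and lets the reply back into the tunnel; the first decrypts it to an address nobody listens on, and the third never matches the selector at all, which is exactly what a tunnel that is "Up" but carrying nothing looks like.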