This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ASL 4: VPN Net-to-Net with Source NAT

I think that the following problem was asked by several ASL users. We need a real solution for the ASL 4 in the future.
Today we use a vpn configuration in the following style for the management of customer systems:

172.x.x.x
|
v
ASL Source NAT to external IP (not the interface IP, a seperate virtual IP)
|
v
ASL VPN Tunnel based on PSK
|
V
Internet
|
V
Cisco VPN Router
|
V
Cisco PIX Packet Filter
|
V
Remote Net

With the new ASL version 4 we were not able to configure this situation at the standard web management gui. We must change the script /var/chroot-ipsec/opt/_updown described in the articel  #30651  to fix the snat problem.
At the moment we have no idea how to configure this. Astaro announces this based on a feature.
We think that this is a real bug of ASL 4 because the described situation is a normal remote management scenario.
We hope a member could us how to configure this scenario without tricky changes at the root level of the ASL 4.

CU   [:S]

This thread was automatically locked due to age.

0 pablito over 21 years ago

But if you used the primary external interface for the VPN endpoint it would work no problem right?  It is only because of using the seconday IP?

First, I see little benefit to using the virt IP instead of the primary.  I think this isn't really a bug but a feature left out of the GUI.

Not sure if it would help at all but you can create a manual IPSEC config that has the desired options and ASL will not alter it.   At least you only have to do the manual config one time.
Cancel
Vote Up 0 Vote Down

Cancel