OK what we have is a remote network with multiple IP ranges.
i.e. 192.168.1.0 and 192.168.5.0
Locally we have:
Internal network 192.168.10.0
DMZ 172.16.3.0
I have set up a site-to-site VPN between the two firewalls, so that 192.168.10.0 can talk to 192.168.1.0.
Then I created a SNAT rule as follows:
Source - 172.16.3.0
Dest - 192.168.1.0
Service - Any
Change Source to - Internal address
Service Source - No change
Destination - No change
Once this is set up I can reach 192.168.1.0 from 172.16.3.0.
However, I can't reach 172.16.3.0 from 192.168.1.0.
Do I need another NAT rule so that traffic coming down the VPN from 192.168.1.0 is translated to the 172.16.3.0 network?
Or, to get two-way traffic, do I have to set up multiple VPNs? i.e. keep the 192.168.10.0 <-> 192.168.1.0 one
but add one for 172.16.3.0 <-> 192.168.1.0?
It's just that although at one end I only have Internal and DMZ, at the other end I have 3 networks I eventually want to talk to: 192.168.0.0/24, 192.168.1.0/24 and 192.168.5.0/24.
Which means that for every network I want to talk to in two-way mode I need a separate VPN, even though the endpoint for all three networks is one firewall.
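To illustrate why the SNAT rule only helps in one direction, here is a small model (added example, not from the post or any vendor) of a policy-based IPsec tunnel whose traffic selectors are the 192.168.10.0/24 <-> 192.168.1.0/24 pair, with the post's SNAT rule applied before selector lookup. The internal address 192.168.10.1 and the order "SNAT first, then selector match" are assumptions; the post does not state either.

```python
from ipaddress import ip_address, ip_network

# Constructed model of the thread's setup (added example, not from the post).
# Policy-based IPsec: only packets matching a (local, remote) selector pair
# are sent into the tunnel; everything else is routed in the clear or dropped.
TUNNEL_SELECTORS = [(ip_network("192.168.10.0/24"), ip_network("192.168.1.0/24"))]

# The extra selector pair the post asks about ("add one for 172.16.3.0 <-> 192.168.1.0").
DMZ_SELECTOR = (ip_network("172.16.3.0/24"), ip_network("192.168.1.0/24"))

# The post's SNAT rule. "Internal address" is assumed to be 192.168.10.1.
SNAT_RULES = [{
    "src": ip_network("172.16.3.0/24"),
    "dst": ip_network("192.168.1.0/24"),
    "new_src": ip_address("192.168.10.1"),
}]

def apply_snat(src, dst, rules=SNAT_RULES):
    """Return the source address after the first matching SNAT rule, if any."""
    for rule in rules:
        if src in rule["src"] and dst in rule["dst"]:
            return rule["new_src"]
    return src

def tunnel_match(src, dst, selectors=TUNNEL_SELECTORS):
    """True if (src, dst) matches a selector pair in either direction."""
    for local, remote in selectors:
        if (src in local and dst in remote) or (src in remote and dst in local):
            return True
    return False

def can_enter_tunnel(src, dst, selectors=TUNNEL_SELECTORS, rules=SNAT_RULES):
    """Assumes SNAT is applied before the IPsec selector lookup."""
    src, dst = ip_address(src), ip_address(dst)
    return tunnel_match(apply_snat(src, dst, rules), dst, selectors)

if __name__ == "__main__":
    # DMZ -> remote: SNAT rewrites the source to 192.168.10.1, which matches.
    print("DMZ -> remote:", can_enter_tunnel("172.16.3.10", "192.168.1.20"))
    # Remote -> DMZ: no SNAT rule matches and 172.16.3.0/24 is in no selector.
    print("remote -> DMZ:", can_enter_tunnel("192.168.1.20", "172.16.3.10"))
    # Same packet once the DMZ selector pair exists on the tunnel.
    print("with DMZ selector:", can_enter_tunnel(
        "192.168.1.20", "172.16.3.10", selectors=TUNNEL_SELECTORS + [DMZ_SELECTOR]))
```

Whether the second pair is a separate VPN or an additional selector on the existing one depends on the firewall; the model only shows which packets match.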