Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 1 subscriber
  • Views 2129 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Need Help setting up DNAT and SNAT with VPN users on different subnets

Astaro Commando
Hi all,

I'm currently using the L2TP over IPSec VPN as my primary method of dialing in. Right now, the server is just set to assign an IP on the 192.168.1.x subnet where the rest of my internal network resources are sitting. I've been trying to setup DNAT/SNAT rules to get 192.168.2.x to talk to everything on the 192.168.1.x subnet in order to avoid IP conflicts and other issues.

Can someone help me out? I would like it to be both DNAT and SNAT so that the computers on my internal network can talk to the VPN users. (For VNC purposes mainly)

Thanks for any help!


This thread was automatically locked due to age.
Parents
  • 0
    I don't think you need anything other than packet filter rules for that.  If you want to assign each Remote Access user a specific IP address, you can do that in the User definition - Is that what you're trying to do?

    Cheers - Bob
    PS Just a suggestion unrelated to your question, but, unless you are forced to change from the "Astaro standard" 10.242.3.0/24, use the "VPN Pool (L2TP)" subnet so that future questions don't require additional explanation.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    I don't think you need anything other than packet filter rules for that.  If you want to assign each Remote Access user a specific IP address, you can do that in the User definition - Is that what you're trying to do?

    Cheers - Bob
    PS Just a suggestion unrelated to your question, but, unless you are forced to change from the "Astaro standard" 10.242.3.0/24, use the "VPN Pool (L2TP)" subnet so that future questions don't require additional explanation.
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    I don't think you need anything other than packet filter rules for that.  If you want to assign each Remote Access user a specific IP address, you can do that in the User definition - Is that what you're trying to do?

    Cheers - Bob
    PS Just a suggestion unrelated to your question, but, unless you are forced to change from the "Astaro standard" 10.242.3.0/24, use the "VPN Pool (L2TP)" subnet so that future questions don't require additional explanation.

    Tried that already - I can't access any of my internal network resources with just the packet rule in place. However, if I ping the astaro server, I get replies. Yet when I try to access the webadmin interface, it won't let me. (this might have to do with the fact that I think I only set the 192.168.1.x subnet with access rights to the webadmin interface)
Cookie Information Banner