Site-to-Site IPSec VPN with SNAT

Hi all,

I need to configure a Site-to-Site IPSec VPN with SNAT; I mean the source network must be NATted to a single IP address before entering the VPN connection.

I created a SNAT rule with:
Source Private Network ---> Any ----> Remote Private Network
Source Translation: 192.168.200.1
Advanced Option "Rule applies to IPSec packets" enabled

My question is: in "Site-to-Site IPSec VPN" Connections, what do I have to configure as "Local Networks"? The "Source Private Network" or 192.168.200.1 or both?

Best Regards,
Stefano


This thread was automatically locked due to age.
  • Hi, Stefano,

    Here's an article that will help you to understand what you need to do: How to tunnel between two ASGs having the same LAN network range

    So, the answer is only 192.168.200.1 in 'Local networks' for your side.

    I haven't used 'Rule applies to IPSec packets' yet, so it's not clear to me that you want to select that.  Please let us know if it works either or both ways.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    My apologies for the delay.

    I confirm that on my side it needs only 192.168.200.1 in "Local Network". I enabled the "Rule applies to IPSec packets" NAT option too. I had no time slot to test if it works without that option. If I test it, I'll let you know.

    Thanks for the support.

    Regards,
    Stefano
  • Hi,

    Just to inform others: in this case the IPsec option is needed. It is also required that the IPsec VPN is restarted (up & down).

    Regards
    Gerald