Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 1392 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

DNAT of IPSec traffic problem

bpopov
172.25.0.117 


This thread was automatically locked due to age.
Parents
  • 0
    Do you already have two VPN tunnels to which you want to add this?

    Are there really only two HOST_A IPs on the left side?  And only a single HOST_B IP on the right side?

    Are 98.97.182.82 and 203.130.128.98 IPs on external interfaces of the UTM, or are those the default gateways for the other IPs actually on the UTM?

    If you could do this with NAT and avoid VPNs altogether, would you?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Bob,

    It looks like the issue had to do with local service definitions having "interface" specified, when they shouldn't have and a missing ACL on the other side. Once corrected, DNAT appears to work just fine on the packets arriving via IPSec.
Reply
  • 0 in reply to BAlfson
    Bob,

    It looks like the issue had to do with local service definitions having "interface" specified, when they shouldn't have and a missing ACL on the other side. Once corrected, DNAT appears to work just fine on the packets arriving via IPSec.
Children
No Data
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML