Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 1 subscriber
  • Views 4395 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

NAT over Site-to-Site VPN

lsteger
I want to connect IPsec Site-to-site VPN to one of our suppliers.
We both are using ASG/UTM.
But the supplier already has another customer with the same IP address range like ours connected (192.168.0.0/24)
So i tried some configurations with NAT, bot none of them worked until now.

The remote ip address range: 172.25.1.0/24
Our address range: 192.168.0.0/24
The fake IP address range we want to use: 172.28.4.16/28

The tunnel has configured the suppliers range on remote side and the fake range on our side.

I tried to to configure a source NAT on our side, but I cannot access any server on the suppliers side.

Has anybody an idea how ti solve this problem?

Thank you


This thread was automatically locked due to age.
  • 0
    Hi, why do you want to use a fake IP range?
    Do you have a a conflict with another network?

    If the fake IP range could also be a /24, then a 1-1 NAT might be possible.

    Barry
  • 0
    How to tunnel between two ASGs having the same LAN network range describes the more-complex solution needed if your supplier had an internal subnet identical to yours.

    Frankly, you will run into more such problems in the future if you don't change your internal subnet now.  It should be something not in 192.168.0.0/16 as those should be left for homes and public hotspots.  We recommend leaving the subnets in 10.0.0.0/8 for AT&T, Verizon, IBM, Amazon, etc.  All but the very largest businesses should choose something in 172.16.0.0/12, so check to see if you can use all of 172.28.4.0/24 with your supplier.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?

Unfiltered HTML