
Site to Site IPsec VPN with Lancom using 1:1 NAT

Hello Guys,

I have the following problem:

I have 2 LANs that I need to connect via VPN, one with the UTM 9 and one with a Lancom router. Both sites have different IP ranges, but unfortunately the IP range from the UTM side is already used for a different VPN. That means that I have to use the 1:1 NAT on the UTM side and N:N NAT on the Lancom side, which doesn't work.


Since this was my first attempt to configure VPN between Lancom and UTM, I first set up a simple Site to Site VPN without 1:1 NAT, and the tunnel was established and the routing worked as well. Then I added the 1:1 NAT and now the tunnel is still functional, but the routing isn't. At least I can't open any RDP sessions, and ping doesn't work either.

Can someone give me a hint how to debug this?

P.S. Lancom Support examined the Lancom configuration and found no errors there.

Thanks



This thread was automatically locked due to age.
  • Not sure but I would think you need something like this:

    Create a 1:1 source NAT rule natting your internal LAN to the defined LAN and use this defined LAN in the local networks range in the VPN tunnel.

    I am using SNAT (not 1:1) to do just the same you need (but with just a small number of defined IPs) and that works as expected.


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
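
Added example, not part of the original posts and not Sophos or Lancom code: a small consistency check for the setup described in this thread, where the tunnel must carry the mapped (NAT) network rather than the real LAN. All networks below are constructed sample values, and `map_1to1` and `check_tunnel` are hypothetical helper names.

```python
import ipaddress

def map_1to1(addr, real_net, mapped_net):
    """Translate addr from real_net to the same host offset in mapped_net."""
    real = ipaddress.ip_network(real_net)
    mapped = ipaddress.ip_network(mapped_net)
    ip = ipaddress.ip_address(addr)
    if real.prefixlen != mapped.prefixlen:
        raise ValueError("1:1 NAT needs networks of equal size")
    if ip not in real:
        raise ValueError(f"{ip} is not inside {real}")
    offset = int(ip) - int(real.network_address)
    return str(mapped.network_address + offset)

def check_tunnel(real_net, mapped_net, tunnel_local, peer_remote, in_use):
    """List mismatches that can leave a tunnel up while no traffic matches it.

    tunnel_local: local network entered in the tunnel on the NAT side
    peer_remote:  remote network the other gateway has for this site
    in_use:       networks the other side already reaches over other VPNs
    """
    real = ipaddress.ip_network(real_net)
    mapped = ipaddress.ip_network(mapped_net)
    problems = []
    if real.prefixlen != mapped.prefixlen:
        problems.append(f"{real} and {mapped} differ in size")
    if ipaddress.ip_network(tunnel_local) != mapped:
        problems.append(f"tunnel local network {tunnel_local} should be {mapped}")
    if ipaddress.ip_network(peer_remote) != mapped:
        problems.append(f"peer remote network {peer_remote} should be {mapped}")
    for net in in_use:
        if mapped.overlaps(ipaddress.ip_network(net)):
            problems.append(f"mapped network {mapped} overlaps in-use {net}")
    return problems

# Constructed sample values, not taken from the thread.
REAL = "192.168.1.0/24"    # real LAN behind the NAT gateway
MAPPED = "10.99.1.0/24"    # network the LAN is presented as
IN_USE = [REAL]            # range already taken by the other VPN

if __name__ == "__main__":
    print(map_1to1("192.168.1.25", REAL, MAPPED))
    # Misconfiguration: tunnel still lists the real LAN as local network.
    for p in check_tunnel(REAL, MAPPED, REAL, MAPPED, IN_USE):
        print("PROBLEM:", p)
```

Hosts on the remote side then have to address the mapped IP (here `10.99.1.25`), not the real one, when testing RDP or ping.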
