Site to Site IPsec VPN with Lancom using 1:1 NAT

Hello guys,

I have the following problem:

I have 2 LANs that I need to connect via VPN, one with the UTM 9 and one with a Lancom router. Both sites have different IP ranges, but unfortunately the IP range from the UTM side is already used for a different VPN. That means that I have to use 1:1 NAT on the UTM side and N:N NAT on the Lancom side, which doesn't work.


Since this was my first attempt to configure a VPN between Lancom and UTM, I first set up a simple site-to-site VPN without 1:1 NAT, and the tunnel was established and the routing worked as well. Then I added the 1:1 NAT, and now the tunnel is still functional, but the routing isn't. At least I can't open any RDP sessions, and ping doesn't work either.

Can someone give me a hint how to debug this?

P.S. Lancom Support examined the Lancom configuration and found no errors there.

Thanks



This thread was automatically locked due to age.
  • Not sure but I would think you need something like this:

    Create a 1:1 source NAT rule natting your internal LAN to the defined LAN and use this defined LAN in the local networks range in the VPN tunnel.

    I am using SNAT (not 1:1) to do just the same thing you need (but with just a small number of defined IPs), and that works as expected.


    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
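
An added example (not from any poster, and not UTM or Lancom code) of the check the reply above implies: after 1:1 source NAT, the translated address rather than the real LAN address has to fall inside the tunnel's local network. All networks below are constructed, and it is an assumption that the gateway matches the tunnel's network definitions against the post-NAT source.

```python
import ipaddress

def map_1to1(addr, real_net, mapped_net):
    """1:1 NAT: keep the host part of the address, swap the network prefix."""
    addr = ipaddress.ip_address(addr)
    real_net = ipaddress.ip_network(real_net)
    mapped_net = ipaddress.ip_network(mapped_net)
    if real_net.prefixlen != mapped_net.prefixlen:
        raise ValueError("1:1 NAT needs two networks of the same size")
    if addr not in real_net:
        raise ValueError(f"{addr} is not inside {real_net}")
    offset = int(addr) - int(real_net.network_address)
    return ipaddress.ip_address(int(mapped_net.network_address) + offset)

def enters_tunnel(src, dst, local_selector, remote_selector):
    """True if the packet matches the tunnel's local/remote networks."""
    return (ipaddress.ip_address(src) in ipaddress.ip_network(local_selector)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(remote_selector))

def check_outbound(src, dst, real_net, mapped_net, local_selector, remote_selector):
    """Translate the source, then test it against the tunnel definition."""
    translated = map_1to1(src, real_net, mapped_net)
    ok = enters_tunnel(translated, dst, local_selector, remote_selector)
    return str(translated), ok

# Constructed sample networks (not taken from the thread).
REAL_LAN = "192.168.1.0/24"    # LAN behind the NATing gateway
MAPPED_LAN = "10.99.1.0/24"    # range the LAN is presented as
REMOTE_LAN = "10.50.0.0/24"    # range the peer is reached on

if __name__ == "__main__":
    # Tunnel defined with the mapped range: translated traffic matches.
    print(check_outbound("192.168.1.25", "10.50.0.10",
                         REAL_LAN, MAPPED_LAN, MAPPED_LAN, REMOTE_LAN))
    # Tunnel defined with the real range: the tunnel can still come up,
    # but translated packets no longer match and are not sent through it.
    print(check_outbound("192.168.1.25", "10.50.0.10",
                         REAL_LAN, MAPPED_LAN, REAL_LAN, REMOTE_LAN))
```

The same comparison applies on the peer for the return direction, with the peer's own mapped range as its local network.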

  • Hi,


    I do have the 1:1 NAT rules configured to map inbound and outbound VPN traffic. The proper IP ranges are used in the VPN definitions.

    I used this https://community.sophos.com/kb/de-de/115579 to create the 1:1 NAT rules.

  • Hi, Artur, and welcome to the UTM Community!

    Are you saying that your problem is resolved?  If not, insert pictures of your VPN definitions and your NAT rules.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA