
How to SNAT through an existing IPSec tunnel - routing problem

Hello anyone,

I have the following problem:

I have a site-to-site IPSec VPN up and running between our SG120 and a customer's Cisco ASR router. However, I am not able to get my traffic through the tunnel.

The problem is - as I assume - that I was given an IP address from the customer that I should use as the source IP within the tunnel. This IP is from a public range (66.x.x.x). Now this IP is specified at my side as the local network for my IPSec definition. Otherwise the tunnel will not come up.

When I try to ping any IP on the remote side I don't receive a reply. Also the guy from the "other side" doesn't see any requests from my network through the tunnel. That is no wonder as a traceroute is going out to the internet.

How am I supposed to configure my UTM to send traffic for the destination through the tunnel with the given IP as source address?

Any help is appreciated.

Thanks

Daniel

  • It is a really bad idea to use a public IP address for that.

    I think you need to change that first before you can go into troubleshooting.

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...

  • Thanks for your reply, but:

    "... this is public IP address but it is not routed on Internet. All our VPN partners are provided NAT IP address in this range..."

    So if this is a problem I assume it is not a general one but one with Sophos UTM.

  • Then you have a routing / firewall rule issue.

    Check your mentioned KB article again. It should also work with a public address if you configure it properly on both sides.

    I use SNAT for some IPsec tunnels as well (because the customer uses the same LAN address range), so I can't think it is a UTM problem.

    If you want more specific help we need more specific details from your config. Screenshots of the IPsec tunnel config / NAT config / firewall rules will help us.

     

    greets

    zaphod
    ___________________________________________

    Home: Zotac CI321 (8GB RAM / 120GB SSD)  with latest Sophos UTM
    Work: 2 SG430 Cluster / many other models like SG105/SG115/SG135/SG135w/...
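The mechanism behind Daniel's question and zaphod's "I use SNAT for some IPsec tunnels" is the order in which an outbound packet is processed: the NAT rule rewrites the source address first, and the IPsec policy selectors (the "local network" / "remote network" pair of the tunnel definition) are then matched against the rewritten header. A LAN packet with its original 192.168.x.x source never matches a policy whose local network is the single 66.x.x.x address, so it falls through to the default route and shows up in a traceroute as going out to the internet. The following is an added example, not code from the thread, from Sophos or from the UTM itself: a small Python model of that ordering, with constructed placeholder addresses (66.0.0.10 stands in for the customer-assigned 66.x.x.x address, 10.1.0.0/16 for the customer's LAN, 192.168.1.0/24 for the UTM's LAN) and a configuration check that flags the typical misconfigurations.

```python
"""Model of how an SNAT rule interacts with a policy-based IPsec selector.

Added example, not from the thread or from Sophos. It models the ordering
that netfilter-based gateways such as the Sophos UTM apply to an outbound
packet: the NAT table rewrites the source, and the IPsec policy selectors
are evaluated against the rewritten header. All addresses are constructed
placeholders.
"""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network


@dataclass(frozen=True)
class SnatRule:
    src: IPv4Network   # traffic from this network ...
    dst: IPv4Network   # ... to this destination ...
    to: IPv4Address    # ... leaves with this source address


@dataclass(frozen=True)
class IpsecPolicy:
    local: IPv4Network   # "local network" in the UTM tunnel definition
    remote: IPv4Network  # "remote network" (the customer side)


# Constructed sample configuration (assumption, not the poster's real values).
LAN = ip_network("192.168.1.0/24")          # UTM-side internal LAN
REMOTE = ip_network("10.1.0.0/16")          # customer LAN behind the ASR
NAT_IP = ip_address("66.0.0.10")            # address assigned by the customer
POLICY = IpsecPolicy(local=ip_network("66.0.0.10/32"), remote=REMOTE)
RULE = SnatRule(src=LAN, dst=REMOTE, to=NAT_IP)


def apply_snat(src: IPv4Address, dst: IPv4Address, rules):
    """First matching SNAT rule wins; no match leaves the source untouched."""
    for rule in rules:
        if src in rule.src and dst in rule.dst:
            return rule.to
    return src


def select_path(src: IPv4Address, dst: IPv4Address, rules, policies):
    """Return (egress, post-NAT source) for one outbound packet.

    SNAT is applied before the IPsec policy lookup, so a policy only
    matches if the *translated* source falls inside its local selector.
    """
    src = apply_snat(src, dst, rules)
    for policy in policies:
        if src in policy.local and dst in policy.remote:
            return "ipsec", src
    return "internet", src   # default route: plain text, as in the traceroute


def check_config(lan: IPv4Network, rule: SnatRule, policy: IpsecPolicy):
    """Return a list of human-readable problems with an SNAT-over-IPsec setup."""
    problems = []
    if rule.to not in policy.local:
        problems.append(
            f"SNAT translates to {rule.to}, which is outside the tunnel's "
            f"local network {policy.local}; packets will miss the policy")
    if not lan.subnet_of(rule.src):
        problems.append(
            f"SNAT source {rule.src} does not cover the LAN {lan}; "
            f"untranslated hosts will be routed to the internet")
    if rule.dst != policy.remote:
        problems.append(
            f"SNAT destination {rule.dst} differs from the tunnel's remote "
            f"network {policy.remote}; some destinations will bypass the tunnel")
    return problems


if __name__ == "__main__":
    host, target = ip_address("192.168.1.20"), ip_address("10.1.5.5")
    print("without SNAT:", select_path(host, target, [], [POLICY]))
    print("with SNAT:   ", select_path(host, target, [RULE], [POLICY]))
    print("config check:", check_config(LAN, RULE, POLICY) or "ok")
```

Two practical caveats that the model makes visible: the SNAT rule must be destination-restricted to the remote network, otherwise ordinary internet traffic would also leave with the unroutable 66.x.x.x source; and because every internal host shares one translated address, the customer side only ever sees a single peer, which is what their "NAT IP address in this range" wording implies. The return path relies on the connection-tracking state of the SNAT rule to translate 66.0.0.10 back to the originating LAN host, so the Cisco side's crypto ACL must mirror the UTM's selectors (its LAN to 66.0.0.10/32) for the reply to enter the tunnel at all.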