Good morning,
I have hecked the forum(s) for old post about this and found something similar in this Post https://community.sophos.com/products/unified-threat-management/f/german-forum/59797/portforwarding-durch-ein-vpn-zur-anderen-seite-moglich
My issue is with a machine that is a hardware security appliance on site B.
Sites A and B have 1 UTM each, and are connected via IPsec VPN.
Unit (Site) A has a dedicated additional address for this construct over which we want to let the appliance on site B talk to the WAN.
It should also be reachable from external WAN on the dedication addition address with specific ports that I have grouped together.
I have configured a FULLNAT on UTM A with the following details:
Traffic Selector (source): Any
Target Service: SecurityAppliance portgroup
Target Address: Dedicated Additional Address (x.x.x.51)
Source Translation: x.x.x.51
Destination Translation: Appliance IP on site B
No Service Translation.
Automatic firewall rules are on.
According to every post I read about something similar this should work. But it doesn't.
Now I think I might have some routing issue or something because in the firewall log from site B I don't have any (default) blocks relating to this.
Do I have to edit the VPN between sites for this?
I figured it would be easy enough to complete this configuration but not seeing any dropped packets makes me doubt this particular configuration a little and makes diagnostics a pain.
Anyone got any ideas?
Thanks in advance
~Chris
This thread was automatically locked due to age.
