
Sending Remote access traffic through Site-to-site VPN, with 1:1 nat translation

Hi,


I have searched for an answer to this, but am unable to find a result which includes a 1:1 NAT.

Here is the scenario: 

Remote User -(SSL Remote Access VPN)-> Sophos UTM 9 -(IPSEC Site-to-site VPN)-> Partner servers

We have a requirement for remote users to access partners' servers. Our Remote Access VPN is on the default SSL VPN subnet (10.242.2.0/24), but our partner has the requirement that traffic is sent from the 10.156.1.0/24 subnet.

The site-to-site VPN is established and working, showing up at both ends. Local network on my end is set to be 10.156.1.0/24.
I have created a 1:1 NAT rule to change traffic from remote users going to the partner network, mapping the source to 10.156.1.0/24.
Automatic firewall rules have been set up for both the S2S VPN, and NAT rule.
I have added the Partner network to the local networks section in the Remote Access VPN setup. 


Here is my NAT Rule:

Rule Type: 1:1 NAT (whole networks)
Matching Condition
For Traffic from: VPN Pool (SSL)
Using service: Any
Going to: [Partner Network]
Action
1:1 NAT mode: Map source
Map to: [PartnerRequiredSource] - 10.156.1.0/24
Automatic Firewall Rule - Yes

My questions are:

1. First of all, is this possible? I see no reason why it would not be.
2. Is the 1:1 NAT rule set up correctly?
3. Do I need a 1:1 Map Source NAT rule for traffic coming back? I have created one, but had no success with it on or off.

Thanks for reading, I hope it all makes sense.



Hi,

Just a quick follow up...

I presumed it was not working on my side as I set up two connections (this one and one without the 1:1 NAT rule), and neither was working. It turns out configuration issues on the other ends of both tunnels were causing the connections not to work.

So to answer my questions:

1. Yes, it is possible.
2. The NAT rule is set up correctly.
3. No, a 1:1 Map Source NAT rule is not needed for the return traffic.

Thanks

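To make the behaviour behind answers 2 and 3 concrete, here is an added simulation of a "1:1 NAT (whole networks), Map source" rule like the one in the question. It is example code written for this page, not Sophos UTM code, and it does not claim to reproduce the UTM's internal implementation. The two networks come from the post; the partner network is not named on the page, so the documentation range 192.0.2.0/24 stands in for it. It shows that host bits are preserved by the mapping (10.242.2.17 becomes 10.156.1.17), that the rule only fires for traffic going to the partner network, and that replies to a tracked connection are reversed from the connection state without a second rule.

```python
import ipaddress
from dataclasses import dataclass, replace

# Networks quoted in the question.
SSL_POOL = ipaddress.ip_network("10.242.2.0/24")       # "VPN Pool (SSL)"
MAPPED_SOURCE = ipaddress.ip_network("10.156.1.0/24")  # "PartnerRequiredSource"
# Assumption: the partner network is not given on the page; a documentation range is used.
PARTNER_NET = ipaddress.ip_network("192.0.2.0/24")


@dataclass(frozen=True)
class Packet:
    """Minimal 5-tuple view of a packet; constructed for this example."""
    src: str
    dst: str
    sport: int
    dport: int
    proto: str = "tcp"


def map_1to1(addr, from_net, to_net):
    """Map an address between two equal-sized networks, keeping the host bits.

    Returns None when the address is outside from_net, so callers can
    tell "not matched" apart from a translated address.
    """
    if from_net.prefixlen != to_net.prefixlen:
        raise ValueError("1:1 NAT needs networks of the same size")
    a = ipaddress.ip_address(addr)
    if a not in from_net:
        return None
    offset = int(a) - int(from_net.network_address)
    return ipaddress.ip_address(int(to_net.network_address) + offset)


class OneToOneSourceNat:
    """A 'Map source' 1:1 NAT rule with a connection table for replies."""

    def __init__(self, traffic_from, going_to, map_to):
        self.traffic_from = traffic_from  # matching condition: "For traffic from"
        self.going_to = going_to          # matching condition: "Going to"
        self.map_to = map_to              # action: "Map to"
        # (mapped_src, dst, sport, dport, proto) -> original source address
        self.table = {}

    def outbound(self, pkt):
        """Apply the rule to a packet heading out over the site-to-site tunnel."""
        if (ipaddress.ip_address(pkt.src) not in self.traffic_from
                or ipaddress.ip_address(pkt.dst) not in self.going_to):
            return pkt  # matching condition not met: packet passes untouched
        new_src = str(map_1to1(pkt.src, self.traffic_from, self.map_to))
        self.table[(new_src, pkt.dst, pkt.sport, pkt.dport, pkt.proto)] = pkt.src
        return replace(pkt, src=new_src)

    def inbound(self, pkt):
        """Undo the translation on a reply; no second NAT rule is consulted.

        The reply's destination is the mapped source and its ports are
        swapped relative to the outbound packet, so the lookup key mirrors
        the key stored in outbound().
        """
        key = (pkt.dst, pkt.src, pkt.dport, pkt.sport, pkt.proto)
        original_src = self.table.get(key)
        if original_src is None:
            return None  # not a reply to a connection this rule translated
        return replace(pkt, dst=original_src)


def demo():
    """Walk one connection through the rule; returns (outbound, reply, unmatched)."""
    nat = OneToOneSourceNat(SSL_POOL, PARTNER_NET, MAPPED_SOURCE)
    out = nat.outbound(Packet("10.242.2.17", "192.0.2.10", 51000, 443))
    back = nat.inbound(Packet("192.0.2.10", "10.156.1.17", 443, 51000))
    other = nat.outbound(Packet("10.242.2.17", "10.156.2.5", 51000, 80))
    return out, back, other


if __name__ == "__main__":
    out, back, other = demo()
    print("outbound :", out)    # src becomes 10.156.1.17
    print("reply    :", back)   # dst restored to 10.242.2.17
    print("unmatched:", other)  # not going to the partner net, left alone
```

The `inbound()` lookup is what makes a separate return-path rule unnecessary: the firewall already knows which pool address originated the connection, so it restores it from state rather than from a second mapping. A reply that matches no tracked connection returns `None`, which is the case to watch when a tunnel partner misconfiguration (as the author found) makes traffic appear to be a NAT problem.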