We have two IPSec VPNs configured and working. One of the remote sites added a new subnet with the same range used in the other VPN. Traffic flows fine over one tunnel, but of course doesn't route to the other tunnel addressed to the same range. Neither remote site wants to or is willing to NAT the range. Are there any options on the XG to NAT the inbound traffic from one of the tunnels?
Hi Gregory Williams
I don't think it would be possible to NAT the inbound traffic specifically from that IPsec tunnel. Since traffic would be coming from the VPN zone, it would not be possible to distinguish the traffic in a firewall rule to determine which tunnel it came from. This does not seem possible to me.
In reply to Jaydeep:
That's what I thought. One site is going to need to NAT that subnet, or at least that's the only solution I can come up with.
In reply to Gregory Williams:
Yes, that's right. If the conflicting network was on the XG, we could've thought about NAT on the XG, but since it's on the peer networks, we cannot do much on the XG for this case.