Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 2 replies
  • Subscribers 40 subscribers
  • Views 3516 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Rewrite Source Address (Masquerading)

Gib GoDesk

Hi, guys.

I wanted to understand how we managed to do a Rewrite Source Address (Masquerading).

My situation:

I want my ssl vpn network to reach another network behind an IPSec VPN. To avoid having to publish a new route, I would like to rewrite the output to my firewall interface.

My Firewall: 192.168.10.1
My local network: 192.168.10.0/24
My VPN network: 172.16.254.0/24
Network at the other end: 192.168.254.0/24

I've tried using this setting:


SourceNAT would be IP 192.168.10.1. Unfortunately it didn't work.

Thanks for the help in advance.



This thread was automatically locked due to age.
Parents
  • +1

    SNAT works for "interface based" Traffic.

    So if you send something through a Interface, NAT will be applied.

    IPsec Traffic is not behind a Interface*. *Will be possible with V18 and VTIs.

    You would have to publish another Network into the IPsec or migrate to V18 and switch to Route based VPN. 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Thanks for your explanation and time.
    I will interact with the other end to publish a new network in IPsec and in a next need I will try version 18.

Reply Children
No Data
Unfiltered HTML