Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Rewrite Source Address (Masquerading)

Hi, guys.

I wanted to understand how we managed to do a Rewrite Source Address (Masquerading).

My situation:

I want my ssl vpn network to reach another network behind an IPSec VPN. To avoid having to publish a new route, I would like to rewrite the output to my firewall interface.

My Firewall: 192.168.10.1
My local network: 192.168.10.0/24
My VPN network: 172.16.254.0/24
Network at the other end: 192.168.254.0/24

I've tried using this setting:


SourceNAT would be IP 192.168.10.1. Unfortunately it didn't work.

Thanks for the help in advance.



This thread was automatically locked due to age.
Parents
  • SNAT works for "interface based" Traffic.

    So if you send something through a Interface, NAT will be applied.

    IPsec Traffic is not behind a Interface*. *Will be possible with V18 and VTIs.

    You would have to publish another Network into the IPsec or migrate to V18 and switch to Route based VPN. 

    __________________________________________________________________________________________________________________

  • Thanks for your explanation and time.
    I will interact with the other end to publish a new network in IPsec and in a next need I will try version 18.

Reply Children
No Data