I have a question regarding SNAT over an IPSec Tunnel. We have the following configuration:
10.248.178.xxx/32 --> NAT: all our communication has to go through this IP.
The tunnel initiates and the SAs are online.
It's working if I do a 1:1 NAT.
But we have to do the following:
All our networks (not just one) must use an IP of the local subnet if they want to communicate with the remote subnet. We've built a firewall rule with masquerading (e.g. used IP = 10.248.178.xxx).
This does not seem to work. The traceroute is telling us the packets won't go through the tunnel, but the route lookup is recognising that the IP we are trying to communicate with is behind an IPsec tunnel.
Can you help me with finding a solution to this problem?
Just to refresh this topic: XGv18 supports SNAT within the IPsec tunnel.
Simply use a custom object, not MASQ, in the NAT rule.
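To make the mechanism behind that answer concrete, here is a small Python model added to this thread; it is not Sophos code and not anything the original poster or the answerer wrote. It assumes that XG's MASQ behaves like netfilter MASQUERADE (the source is rewritten to the primary address of the egress interface) and that, after NAT, the policy-based IPsec lookup matches the new source against the tunnel's local selector. All addresses, networks, and the `NatRule`/`IpsecPolicy` names are constructed for the illustration.

```python
"""Model: SNAT vs. MASQUERADE in front of a policy-based IPsec selector.

Constructed example for this thread, not Sophos code.  Assumptions:
 * MASQ rewrites the source to the egress interface's primary address,
   as netfilter MASQUERADE does.
 * After NAT, the xfrm/IPsec policy lookup compares the *post-NAT*
   source and the destination against the tunnel selectors.
All addresses below are made up.
"""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class IpsecPolicy:
    local_selector: IPv4Network   # what the peer accepts as "our" side
    remote_selector: IPv4Network  # the remote subnet behind the tunnel


@dataclass(frozen=True)
class NatRule:
    src_nets: Tuple[IPv4Network, ...]
    dst_net: IPv4Network
    mode: str                          # "masq" | "snat"
    snat_to: Optional[IPv4Address] = None  # explicit address for "snat"


def apply_nat(src: IPv4Address, dst: IPv4Address, rule: NatRule,
              egress_ip: IPv4Address) -> IPv4Address:
    """Return the post-NAT source address.

    MASQUERADE ignores any address you might want and takes the primary
    address of the interface the packet leaves on; SNAT uses the
    explicit address given in the rule.  Non-matching traffic is untouched.
    """
    if dst not in rule.dst_net or not any(src in n for n in rule.src_nets):
        return src
    if rule.mode == "masq":
        return egress_ip
    if rule.mode == "snat":
        if rule.snat_to is None:
            raise ValueError("snat rule needs an explicit translated address")
        return rule.snat_to
    raise ValueError(f"unknown NAT mode {rule.mode!r}")


def egress_path(src: IPv4Address, dst: IPv4Address, rule: NatRule,
                policy: IpsecPolicy, egress_ip: IPv4Address) -> str:
    """'ipsec' if the post-NAT packet matches both selectors, else 'clear'."""
    new_src = apply_nat(src, dst, rule, egress_ip)
    if new_src in policy.local_selector and dst in policy.remote_selector:
        return "ipsec"
    return "clear"


def simulate() -> dict:
    """Run the three configurations discussed in the thread (1:1 NAT,
    MASQ, SNAT to a custom object) against constructed traffic."""
    policy = IpsecPolicy(ip_network("10.248.178.10/32"),   # local /32 (constructed)
                         ip_network("192.168.50.0/24"))    # remote subnet (constructed)
    egress_ip = ip_address("203.0.113.2")                  # WAN address (constructed)
    tunnel_ip = ip_address("10.248.178.10")
    internal = (ip_network("10.10.0.0/16"), ip_network("10.20.0.0/16"),
                ip_network("172.16.0.0/12"))               # "all our networks"
    remote_host = ip_address("192.168.50.25")
    sources = [ip_address(s) for s in ("10.10.0.5", "10.20.7.9", "172.16.3.4")]

    rules = {
        # 1:1 NAT: one host statically mapped to the tunnel address
        "1to1": NatRule((ip_network("10.10.0.5/32"),), policy.remote_selector,
                        "snat", tunnel_ip),
        # MASQ: what the question tried
        "masq": NatRule(internal, policy.remote_selector, "masq"),
        # SNAT to a custom host object: what the answer recommends
        "snat": NatRule(internal, policy.remote_selector, "snat", tunnel_ip),
    }
    return {name: {str(s): egress_path(s, remote_host, rule, policy, egress_ip)
                   for s in sources}
            for name, rule in rules.items()}


if __name__ == "__main__":
    for name, result in simulate().items():
        print(name, result)
```

In the model, MASQ turns every source into the WAN address, which lies outside the 10.248.178.xxx/32 selector, so the packet leaves in clear and traceroute shows the WAN hops even though the route lookup knows the destination is behind the tunnel; SNAT to an explicit address inside the selector keeps all internal networks in the tunnel, and the 1:1 case works only for the single mapped host. The practical check on XG is therefore that the NAT rule's translated source is a host object carrying the same 10.248.178.xxx address that is configured as the local network of the IPsec connection.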