Hi,
I have a Site to Site VPN with a customer, Local Network /29 and Remote Network /24. The remote site NATs 2 IPs of my Local Network 1:1 to connect to QA and PROD https servers.
I'm trying to create a rule that allows 4 /24 segments to connect to those https servers, NATing to 2 of the /29 based on destination. The problem is that the FW thinks the traffic is going to WAN and not through the VPN zone.
Is there a way that traffic goes to the other site and finds the host with the NAT?
Regards,
AM
If you have the option for Route based VPN (VTI) go for it, it is much easier to NAT.
If you have to do Policy based VPN, you need to perform SNAT in the VPN Tunnel config via drop down. https://support.sophos.com/support/s/article/KB-000035848?language=en_US
__________________________________________________________________________________________________________________
Hello,
I have SFOS 17.5.13 MR-13
The other side gave me the /29 segment to NAT all connections. Then they created a rule to allow 1 IP address to connect via https to 1 IP on the other side, and added another to connect to the other IP.
So, all the traffic of my LAN zone that goes to x.y.0.52 has to be NATed with a.b.241.1, and if it is going to x.y.0.53 it has to be NATed with a.b.241.2.
The rule is working, but it identifies the remote network as a WAN zone, not a VPN zone.
The other side is another company and I can't change configurations.
AM
Ask the other site if VTI / Route based is possible. Likely it is. It would be easier to configure.
Your NAT is not working; it is actually applying the traffic to the WAN Zone and not in the Tunnel.
__________________________________________________________________________________________________________________