
IPSEC tunnel mode - is NAT Possible

Hello,

Wondering whether a tunnel-based IPSEC VPN works with NAT on one (initiating) side.



What zone information needs to be provided on the Gateway host?



Is it required that the two XFRM interfaces can ping each other?



The configuration used to work when attached to direct internet interfaces. The tunnel seems to be activated and connected on both sides, FW Policies are in place but the data is not going through.

Remote Site initiating the connection (with NAT)



Central Site



If this is not working, is there anything that can be done to get this running?

Regards,
BeEf



This thread was automatically locked due to age.
  • Hi BeEf

    Please check the packet capture for the destination IP under Monitor and Analyze; this might help you to check the packet flow. From the console, check the drop packet capture if static routes are added.

    Thanks and Regards

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • You can do a NAT. You cannot do a SNAT with "MASQ". Instead, create your own IP.
