
SNAT Rule for IPSec Tunnel not working

Hello Community,

I have an IPsec tunnel with the firewall IP (192.168.0.1) on the local site and a webserver (192.168.100.100) on the remote site. The tunnel is established. On the local site I have a 2nd system (192.168.0.2) that should have access to the webserver.

To allow this, I created an SNAT rule with the following parameters:

Original Source: 192.168.0.2 (2nd System)
Translated Source (SNAT): 192.168.0.1 (Firewall IP in Tunnel Definition)

Original Destination: 192.168.100.100 (Webserver)

Original Service: HTTPS

All other (DNAT, PNAT): Original
In- and outbound Interface: Any

If I try to access the webserver, the traffic does not go into the tunnel and is routed to the internet (Port3). Port1.10 is my LAN interface:

12:43:37.118905 Port1.10, IN: IP 192.168.0.2.42701 > 192.168.100.100.443: Flags [S], seq 2551057040, win 29200, options [mss 1460,sackOK,TS val 2412411952 ecr 0,nop,wscale 7], length 0
12:43:37.118915 Port3, OUT: IP 192.168.0.1.42701 > 192.168.100.100.443: Flags [S], seq 2551057040, win 29200, options [mss 1460,sackOK,TS val 2412411952 ecr 0,nop,wscale 7], length 0
12:43:37.118916 oct0, OUT: IP 192.168.0.1.42701 > 192.168.100.100.443: Flags [S], seq 2551057040, win 29200, options [mss 1460,sackOK,TS val 2412411952 ecr 0,nop,wscale 7], length 0

I also tested it with an IPsec route to get the traffic into the tunnel, without success:

system ipsec_route add host 192.168.100.100 tunnelname IPSec-Tunnel

The firewall runs on SFOS 19.0.1-350. Does anybody have an idea what is wrong here?

Thanks,

Ben
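The capture above shows two things worth checking mechanically when debugging this kind of setup: whether the SNAT rule actually fired (the same SYN enters on Port1.10 from 192.168.0.2 and leaves with source 192.168.0.1), and whether traffic for the remote subnet is leaving the WAN interface as plain TCP instead of inside the tunnel, which is what the poster describes. The following script is an added example, not code from the post or from Sophos; it parses tcpdump-style lines in the format shown above and runs both checks. The sample lines embed the three packets from the post plus one constructed ESP packet (placeholder public addresses 203.0.113.10 and 198.51.100.20) to show how encapsulated traffic is distinguished. The remote subnet 192.168.100.0/24 and the WAN interface name Port3 are assumptions taken from the addresses and interface names in the post.

```python
import ipaddress
import re
from typing import Optional

# Matches a plain TCP line in the SFOS tcpdump format used in the post, e.g.
# "12:43:37.118905 Port1.10, IN: IP 192.168.0.2.42701 > 192.168.100.100.443: Flags [S], seq 2551057040, ..."
TCP_RE = re.compile(
    r"^(?P<ts>\S+) (?P<iface>\S+), (?P<dir>IN|OUT): IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\], seq (?P<seq>[\d:]+)"
)
# Matches an ESP-encapsulated line (the form tunnel traffic takes on the WAN side).
ESP_RE = re.compile(r"^(?P<ts>\S+) (?P<iface>\S+), (?P<dir>IN|OUT): IP \S+ > \S+: ESP\(")

# Constructed sample: the three lines quoted in the post, plus one constructed
# ESP line with placeholder public IPs to show what encapsulated egress looks like.
SAMPLE_LINES = [
    "12:43:37.118905 Port1.10, IN: IP 192.168.0.2.42701 > 192.168.100.100.443: Flags [S], seq 2551057040, win 29200, options [mss 1460,sackOK,TS val 2412411952 ecr 0,nop,wscale 7], length 0",
    "12:43:37.118915 Port3, OUT: IP 192.168.0.1.42701 > 192.168.100.100.443: Flags [S], seq 2551057040, win 29200, options [mss 1460,sackOK,TS val 2412411952 ecr 0,nop,wscale 7], length 0",
    "12:43:37.118916 oct0, OUT: IP 192.168.0.1.42701 > 192.168.100.100.443: Flags [S], seq 2551057040, win 29200, options [mss 1460,sackOK,TS val 2412411952 ecr 0,nop,wscale 7], length 0",
    # constructed: what a correctly tunnelled packet would look like on the WAN port
    "12:43:37.118930 Port3, OUT: IP 203.0.113.10 > 198.51.100.20: ESP(spi=0x0000abcd,seq=0x1), length 116",
]


def parse_packet(line: str) -> Optional[dict]:
    """Parse one capture line; returns a dict with a 'proto' of 'tcp' or 'esp', or None."""
    m = TCP_RE.match(line)
    if m:
        d = m.groupdict()
        d["proto"] = "tcp"
        return d
    m = ESP_RE.match(line)
    if m:
        d = m.groupdict()
        d["proto"] = "esp"
        return d
    return None


def find_tunnel_leaks(lines, remote_nets, wan_ifaces):
    """Return plain TCP packets leaving a WAN interface towards a subnet that
    should only be reachable through the IPsec tunnel (i.e. not ESP-wrapped)."""
    nets = [ipaddress.ip_network(n) for n in remote_nets]
    leaks = []
    for line in lines:
        p = parse_packet(line)
        if not p or p["proto"] != "tcp" or p["dir"] != "OUT":
            continue
        if p["iface"] not in wan_ifaces:
            continue
        if any(ipaddress.ip_address(p["dst"]) in n for n in nets):
            leaks.append(p)
    return leaks


def snat_applied(lines, original_src, translated_src) -> bool:
    """True if a packet seen IN with original_src reappears OUT with translated_src.
    Source port, destination and TCP sequence number identify the same packet."""
    seen_in = set()
    for line in lines:
        p = parse_packet(line)
        if not p or p["proto"] != "tcp":
            continue
        key = (p["sport"], p["dst"], p["dport"], p["seq"])
        if p["dir"] == "IN" and p["src"] == original_src:
            seen_in.add(key)
        elif p["dir"] == "OUT" and p["src"] == translated_src and key in seen_in:
            return True
    return False


if __name__ == "__main__":
    print("SNAT applied:", snat_applied(SAMPLE_LINES, "192.168.0.2", "192.168.0.1"))
    for p in find_tunnel_leaks(SAMPLE_LINES, ["192.168.100.0/24"], {"Port3"}):
        print(f"LEAK {p['ts']} {p['iface']} {p['src']}:{p['sport']} -> {p['dst']}:{p['dport']} (plain TCP on WAN)")
```

Run against the post's capture, the script reports that SNAT was applied (the source changed from 192.168.0.2 to 192.168.0.1) and flags the Port3 packet as a leak, which separates a NAT problem from a routing/tunnel-selection problem. The same check is useful as a standing monitor on a WAN capture: private-subnet destinations appearing unencapsulated on a WAN port mean traffic intended for the tunnel is leaving in the clear.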


