Route-based VPN and NAT, how?

Hi there,
We have here a Sophos XG v18.5.2.
Currently, we are successfully running a route-based VPN tunnel that includes several routes.
Since the remote location also has the subnet, we must set up a VPN NAT.

Is this so easily possible with route-based VPN? If so, how to do this?

Thanks for any help.

Edited TAGs
[edited by: emmosophos at 5:23 PM (GMT -7) on 23 Sep 2022]
  • Short info.
    On our location, the firewall itself has the IP address on port 1.
    I think that will be the challenge to NAT this network which is directly connected to the FW.

  • Hi Stefan,

    In case of RBVPN you have to create a full NAT rule for the desired subnet with the actual subnet from the NAT rule configuration page.

    Following image should help you.


  • In addition to the great diagram that Alok supplied, I would add my two cents here:

    When connecting two sites with the same subnets, you will have to "invent" two additional networks.

    Let's say you give Site 1 the additional IP "virtual" net and Site 2 the additional net

    Then a client from Site 1 "thinks" he has to go to network if he wants to connect to Site 2 and a client from Site 2 will be thinking he has to go to network if connecting to Site 1.

    It depends on the POV.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.
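
The "virtual network" idea from the replies above, as an added example that is not part of the original thread and is not Sophos configuration: a 1:1 subnet mapping that keeps the host bits and swaps the network bits, traced for one packet from Site 1 to Site 2. All addresses are constructed, and the split of work between the two firewalls (each one translating its own LAN) is an assumption.

```python
import ipaddress as ip

# Constructed addressing (not from the thread): both sites use the same real LAN.
REAL = ip.ip_network("192.168.1.0/24")
VIRT_SITE1 = ip.ip_network("10.101.1.0/24")  # how Site 2 sees Site 1
VIRT_SITE2 = ip.ip_network("10.102.1.0/24")  # how Site 1 sees Site 2


def check_plan(real, virt1, virt2):
    """Reject plans where a 1:1 mapping is impossible or ambiguous."""
    nets = [real, virt1, virt2]
    if len({n.prefixlen for n in nets}) != 1:
        raise ValueError("1:1 NAT needs identical prefix lengths")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                raise ValueError(f"{a} overlaps {b}")


def netmap(addr, src_net, dst_net):
    """Keep the host bits, swap the network bits (1:1 subnet NAT)."""
    addr = ip.ip_address(addr)
    if addr not in src_net:
        raise ValueError(f"{addr} is not in {src_net}")
    offset = int(addr) - int(src_net.network_address)
    return dst_net.network_address + offset


def trace_site1_to_site2(client, virtual_dst):
    """Return (src, dst) as seen on the Site 1 LAN, in the tunnel, on the Site 2 LAN."""
    check_plan(REAL, VIRT_SITE1, VIRT_SITE2)
    on_lan1 = (ip.ip_address(client), ip.ip_address(virtual_dst))
    # Assumed: Site 1 firewall rewrites the source into Site 1's virtual net.
    in_tunnel = (netmap(client, REAL, VIRT_SITE1), on_lan1[1])
    # Assumed: Site 2 firewall rewrites the destination back to the real net.
    on_lan2 = (in_tunnel[0], netmap(virtual_dst, VIRT_SITE2, REAL))
    return [tuple(map(str, hop)) for hop in (on_lan1, in_tunnel, on_lan2)]


if __name__ == "__main__":
    for hop in trace_site1_to_site2("192.168.1.20", "10.102.1.50"):
        print(hop)
```

Inside the tunnel neither address belongs to the shared real subnet, so the tunnel routes on both sides only need to reference the two virtual networks.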