Route-based VPN and NAT, how?

Hi there,
We have here a Sophos XG v18.5.2.
Currently, we are successfully running a route-based VPN tunnel that includes several routes.
Since the remote location also has the subnet 192.168.1.0/24, we must set up a VPN NAT.

172.16.56.0 > 192.168.1.0

Is this easily possible with route-based VPN, and if so, how do I do it?

Thanks for any help.
StefanS



Edited TAGs
[edited by: emmosophos at 5:23 PM (GMT -7) on 23 Sep 2022]
  • Short info.
    On our location, the firewall itself has the IP address 192.168.1.50 on port 1.
    I think the challenge will be to NAT this network, 192.168.1.0/24, which is directly connected to the FW.

  • Hi Stefan,

    In the case of RBVPN, you have to create a full NAT rule for the desired subnet with the actual subnet from the NAT rule configuration page.

    The following image should help you.

    -Alok

  • In addition to the great diagram that Alok supplied, I would add my two cents here:

    When connecting two sites with the same subnets, you will have to "invent" two additional networks.

    Let's say you give Site 1 the additional IP "virtual" net 192.168.10.0/24 and Site 2 the additional net 192.168.20.0/24.

    Then a client from Site 1 "thinks" it has to go to network 192.168.20.0/24 if it wants to connect to Site 2, and a client from Site 2 will think it has to go to network 192.168.10.0/24 when connecting to Site 1.

    It depends on the POV.

    With kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.
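To make the overlapping-subnet scheme from the answer above concrete, here is an added Python model (not code from the original thread or from Sophos) of the 1:1 address translation each firewall performs. It assumes the virtual nets 192.168.10.0/24 (Site 1) and 192.168.20.0/24 (Site 2) from the post; the hosts .25 and .40 are constructed sample values, and the Sophos rule syntax itself is not modelled.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


def netmap(addr: str, from_net: str, to_net: str) -> str:
    """1:1 translation: keep the host bits, swap the network prefix.
    Addresses outside from_net are returned unchanged (rule does not match)."""
    a = ipaddress.ip_address(addr)
    f = ipaddress.ip_network(from_net)
    t = ipaddress.ip_network(to_net)
    assert f.prefixlen == t.prefixlen, "netmap needs equal-sized networks"
    if a not in f:
        return addr
    return str(t.network_address + (int(a) - int(f.network_address)))


@dataclass(frozen=True)
class SiteNat:
    real: str          # LAN really configured at this site (both sites: 192.168.1.0/24)
    virtual: str       # the "invented" net the peer uses to reach this site
    peer_virtual: str  # the peer's invented net; the tunnel route points here

    def to_tunnel(self, p: Packet) -> Packet:
        # Only traffic routed into the tunnel (dst in the peer's virtual net) is
        # translated: source NAT hides the real LAN behind this site's virtual net.
        if ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.peer_virtual):
            return p
        return Packet(netmap(p.src, self.real, self.virtual), p.dst)

    def from_tunnel(self, p: Packet) -> Packet:
        # Destination NAT on the way in: map our virtual net back to the real LAN.
        return Packet(p.src, netmap(p.dst, self.virtual, self.real))


SITE1 = SiteNat("192.168.1.0/24", "192.168.10.0/24", "192.168.20.0/24")
SITE2 = SiteNat("192.168.1.0/24", "192.168.20.0/24", "192.168.10.0/24")


def round_trip(client: str, server_as_seen: str):
    """Trace src/dst at each hop for a Site 1 client talking to a Site 2 host
    via its virtual address, and for the reply coming back."""
    fwd = [Packet(client, server_as_seen)]
    fwd.append(SITE1.to_tunnel(fwd[-1]))    # leaves Site 1 firewall
    fwd.append(SITE2.from_tunnel(fwd[-1]))  # delivered at Site 2
    back = [Packet(fwd[-1].dst, fwd[-1].src)]  # Site 2 host replies
    back.append(SITE2.to_tunnel(back[-1]))
    back.append(SITE1.from_tunnel(back[-1]))
    return fwd, back
```

Note that the Site 2 host only ever sees the source 192.168.10.25, so its own 192.168.1.0/24 route never collides with the remote side.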
