I can't get an IPsec NAT Site-to_site tunnel to work. I get
"IKE message (9C0134C0) retransmission to VPN.GATEWAY.ADRESSE.HERE timed out. Check if the remote gateway is reachable."
(i can ping it)
we have the following:
I try to establish an IPSec Site-to-site tunnel accross the globe. It needs to be nat'ed, since our local net is already in use at the destination.
we've decided that we use 192.168.16.0/24 for our side.
The Xg on our side does not have direct internet connection. it is connected to the ISPs router
LOCAL Network: 192.168.0.0 / 24
LOCAL NAT: 192.168.16.0 /24
REMOTE NAT: 172.19.48.0 / 23
Remote Gateway: 22.214.171.124 (obviously not going to post it here)
Sophos Port 2 (WAN) internal IP: say: 192.168.178.23 (i chose a random number for the discussion)
The admin also provided me with the internal IP of their router: lets say: 192.168.230.1
I configured the IPsec policy according to the admins criteria. (we are going to be the iniator)
in VPN / site-to-site I configured:
The ikev2 Profile with pre shared key
listening device is port 2 (where the ISP router is connected) (firewall on the router is konfigured wiuth 500,4500,1500 UDP)
typed in the gateway address
"local id" is set to default (already tried the actuall IP adress aswell as 0.0.0.0)
"remote id" is set to the internal IP adress 192.168.230.1
under "local subnet" i set the "local nat" 192.168.16.0
"remote subnet" is 172.19.48.0
i ticked the nat box and set the "original subnet" to 192.168.0.0
and created an automated firewall.
Since the firewall log doesnt show anything, I assume I need to setup some sort of SNAT / DNAT rule to route, but since I do setups like this onbly like once a year....
I would be glad if anyone could help :-)
This thread was automatically locked due to age.