Port forwarding WAN to Route based VPN

I have 2 XG ver. 20 firewalls between 2 sites, both with Static public IP.

There is an SDWAN route based VPN between the 2 sites, and it works perfectly. The route precedence is SDWAN, Static, VPN.

I am trying to publish an internal server resource that resides in Site A, using the Site B WAN.

There is a firewall rule on Site B - Allow WAN to VPN, with specified TCP port number, and also a NAT rule to DNAT to the internal server.

It does not work. The packets arrive on the Site B WAN interface, and are sent out immediately on the same WAN interface, even though there is an SDWAN policy to send anything destined for Site A LAN over the VPN.

I had tried using a Source NAT rule as well, but the packets still exit the same WAN interface.



  • Can you show us the route precedence and the SD-WAN Route?
    Are there other SD-WAN routes (or other static routes)?


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • SD-WAN route, Static route, VPN route.

    There is only 1 SD-WAN route:

    The only way I can get the packets to exit the VPN xfrm interface is by adding a static route. Not sure why.
