
NAT over IPsec Site-to-Site VPN

Greetings fellow members,

I have 2 networks with 1 Sophos firewall each: network A (Public IP/80.80.80.128, Local Network/192.168.20.1/24) and network B (Local Network 192.168.10.1/24).

Sophos B XGS107 (SFOS 19.5.3 MR-3-Build652)

Sophos A XG135 (SFOS 18.5.2 MR-2-Build380)

IPsec gateway A 172.16.21.1

IPsec gateway B 172.16.21.254

I have complete connection from one network to another, meaning firewall rules from both sides. I'm trying to place a NAT translation to access a network resource in network B (192.168.10.105:8022). Although I get the hits to the NAT rule, in packet capture I get the result that it violates firewall.

Do I need to configure firewall B too (although I have tried with inside NAT and firewall rules)?

Any ideas would be helpful.

Kind regards,

Roubos Dim



Edited TAGs
[edited by: Raphael Alganes at 12:53 AM (GMT -7) on 10 Sep 2024]
  • Hi Dimitris.

    Thank you for sharing the network topology; this is how I understand it.

    You did mention that you’re configuring a NAT. Can you explain this further? Are you mapping 192.168.10.105:8022 to a different IP, and what is that IP? Since 192.168.10.105 is in firewall B, I suggest creating the NAT rule from there and using MASQ as the translated Source.

      

    It would also be helpful if you could send us a screenshot of the packet capture error, Firewall rule, and Nat rule.

  • The topology is right. The DNAT is a pretty simple NAT, and I also tried a full NAT without any positive results.

    Port 2 is the public IP of Network A (80.80.80.128), the service port is 8022, and the CAMERA_KALAMARIA IP is 192.168.10.105. Here are the results from the packet capture:

     
