NAT over IPSeC Site-to-Site VPN

Hi Dimitris.

Thank you for sharing the network topology; this is how I understand it.

You did mention that you’re configuring a NAT. Can you explain this further? Are you mapping 192.168.10.105:8022 to a different IP, and what is that IP? Since 192.168.10.105 is in firewall B, I suggest creating the NAT rule from there and using MASQ as the translated Source.

It would also be helpful if you could send us a screenshot of the packet capture error, Firewall rule, and Nat rule.

The topology is right the DNAT is a pretty simple NAT and also I tried a full NAT witout any positive results.

Port 2 is the public IP of the Network A (80.80.80.128) the service port 8022 and CAMERA_KALAMARIA  IP 192.168.10.105. Here's the results from the packet capture

Do you have a firewall rule? 

Because the packet capture states a violation, which means, no Firewall Rule is applied.

Hi Dimitris Roubos , is your tunnel policy based or route based? your xg135 is pretty old release, you may consider upgrading it to 19.5MR3 or so. If your tunnel is policy based, do you have the NAT'ed n/w (or host) in your local subnet on xg135 and remote subnet on xgs107?

It's route based, I know about the version there's a maintance scheduled for both firewalls thank you.

I didn't get what you meant with your last sentance, there is a network recource in the Network B that I need to access from outside the local network with the public IP of Network A.

I created a firewall rule Source:WAN Any host Dest: VPN CAMERA_IP port 8022, what do I miss?

I also created a FR Source:WAN Any host Dest: LAN #Port2 port 8022 and it also fails to forward.

Try: WAN to Zone ANY with #Port2 as Destination. . 

Try: WAN to Zone ANY with #Port2 as Destination. . 

It worked! Thanks a lot.

Although the traffic flows from the 2 firewall i can't reach the camera in my browser, I changed my DNAT with Full NAT and Translated Source MASQ and they worked.

Thanks a lot everyone for the help.