Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos XGS: DNAT Through Routed VPN

Hello everyone,

I am attempting to redirect all requests made to 192.168.10.5 to 172.16.10.5. The VPN is working properly on both sides.

Sophos XGS: DNAT Through Routed VPN

Details:

#VPN Working 100%
LOCAL-LAN: 192.168.10.0/24 (Sophos)
REMOTE-LAN: 172.16.10.0/24 (pfSense)

#Servers
Old Server: 192.168.10.5
New Server: 172.16.10.5

I've set up a DNAT rule as follows:

Source: 192.168.10.0/24
Original Destination: 192.168.10.5
Translated Source: Original
Translated Destination: 172.16.10.5

I've also tried adding a DNAT rule via the console, both independently and in conjunction with the above rule, but with no success:

set advanced-firewall sys-traffic-nat add destination 172.16.10.5 snatip 192.168.10.5



Added TAGs
[edited by: Raphael Alganes at 3:47 PM (GMT -8) on 13 Nov 2024]
Parents
  • Hello,

    you are trying to reach a server at 192.168.10.5 /24 from the local LAN with 192.168.10.0 /24.

    This traffic will never hit the router (= gateway), because that traffic is inside your LAN and will stay there, no need to involve the gateway.

    So basically, you can configure very sophisticated rules and settings at the Sophos XGS, but that won't work.

    Are you trying to avoid changing the Server-IP at the clients?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • Hello,

    you are trying to reach a server at 192.168.10.5 /24 from the local LAN with 192.168.10.0 /24.

    This traffic will never hit the router (= gateway), because that traffic is inside your LAN and will stay there, no need to involve the gateway.

    So basically, you can configure very sophisticated rules and settings at the Sophos XGS, but that won't work.

    Are you trying to avoid changing the Server-IP at the clients?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

Children