NAT over 2 VPN Connections

See the image below for the layout. Users behind the Meraki firewall need to reach the server behind the ASA firewall by traversing the Site2Site network between the Meraki and XG, then over the Site2Site between the XG and ASA.

We know it's possible if we include the Meraki LAN in the config between the XG and ASA, but we would like to avoid that, if possible, for several reasons.  

I tried setting up NAT based on these instructions:

https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/SiteToSiteVPN/HowToArticles/S2sVPNIPsecCreateIPsecRouteNAT/index.html

In my case, instead of the remote network needing to reach the Head Office DMZ, it needs to reach a network that is across another Site2Site VPN, but it's not working.  Maybe I set something up wrong or maybe it won't work because there are 2 VPN connections involved?



Added TAGs
[edited by: Raphael Alganes at 3:11 PM (GMT -8) on 9 Jan 2025]