Hi,
Currently I am migrating from old ASA to XG and I need to mimic setup I had on ASA. With one of our partner we have IPSEC VPN tunnel with multiple NAT rules. In short:
- There are 3 internal networks on my side (192.168.x.a/24, 192.168.x.b/24, 192.168.x.c/24)
- There are 2 servers on partner side ( s1, s2 ) and one network (192.168.z.d/24)
- My network 192.168.x.a/24 should be nated to 10.x.y.z when accessing s1
- My networks 192.168.x.b/24 and 192.168.x.a/24 should be nated to 10.x.y.d when accessing s2
- Partner network 192.168.z.d/24 will access server in 192.168.x.c/24 using 10.x.y.d address on their side
So far my understanding is that nat from my side I can configure in IPASEC VPN configuration tab in network details but there is no way to specify different NAT depending on destination. So first question is how in XG I can configure different NAT depending on destination - should I configure it as firewall rule? If so what should be set as gateway for traffic to go into IPSEC tunnel.
Second topic is how to configure Business application rule to expose my server to network on other end of ipsec tunnel. What is source zone - VPN? In allowed networks I am assuming I should enter remote network?
As usual any help appreciated :)
Pawel
This thread was automatically locked due to age.
