Site2Site VPN with IPsec, both sites are NATed

Hi guys,

In our HQ there's an SG behind a FritzBox router. In the FritzBox there's an Exposed Host configured. At the customer site there's an SG behind a FritzBox. There's also an Exposed Host configured there.

HQ SG (Respond only):
LAN: 172.17.10.0
WAN: 10.10.0.2

HQ FritzBox:
LAN: 10.10.0.1
WAN: 217.70.195.127

INTERNET

Customer FritzBox:
LAN: 192.168.2.1
WAN: 87.140.61.79

Customer SG (Initiate):
LAN: 192.168.10.0
WAN: 192.168.2.2

At another customer without a FritzBox it's possible to get a tunnel, but with two FritzBoxes it won't work.

Do you have any ideas how I can get this to work?

Greets
Christoph



Mention which SG initiates and which responds
[edited by: Christoph Klahn at 4:42 PM (GMT -7) on 8 Apr 2021]
  • Try to configure one location as "Listen" rather than "Connect".
    On some installations I've seen:
    With both locations on "Initiate" the connection looks for port 500 as SRC and DST. However, the NAT router changes the source port.
    Also found in the IPsec protocol.

    Dirk

    Sophos Solution Partner since 2003
    If a post solves your question click the 'Verify Answer' link.
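
Dirk's point is about what the receiving side sees on the wire: IKE is expected on UDP 500 to UDP 500, but a NAT in front of the initiator may rewrite the source port, and once both peers detect the NAT they move to UDP 4500 with the RFC 3948 non-ESP marker. The script below is an added example for this thread, not code from Sophos or from either poster. It builds a few IPv4/UDP/ISAKMP datagrams in memory (constructed samples using the two public IPs from the post; the translated source port 34567 is hypothetical), decodes them the way the exposed host at HQ would see them, and reports whether the ports still match a 500<->500 expectation, whether the source port was translated, or whether NAT-T on 4500 is already in use. Run it against a capture of your own by feeding it the raw IPv4 datagrams instead of the SAMPLES dict.

```python
"""Decode IKE (ISAKMP) datagrams and show what a NAT did to the UDP ports.

Added example for this thread, not code from Sophos or the posters. The
packets are constructed inline; the public IPs are the ones from the post,
the translated source port 34567 is hypothetical.
"""
import ipaddress
import struct

IKE_PORT = 500          # ISAKMP (RFC 2408 / RFC 7296)
NAT_T_PORT = 4500       # IKE and UDP-encapsulated ESP after NAT detection (RFC 3948)
NON_ESP_MARKER = b"\x00\x00\x00\x00"   # on port 4500 this prefix marks IKE, not ESP
ISAKMP_HDR = "!QQBBBBII"               # iSPI, rSPI, next payload, version, exchange, flags, msg id, length
EXCHANGE_NAMES = {2: "IKEv1 main mode", 4: "IKEv1 aggressive mode",
                  34: "IKE_SA_INIT", 35: "IKE_AUTH"}


def build_packet(src_ip, dst_ip, sport, dport, ispi, rspi=0, exchange=34,
                 flags=0x08, msg_id=0, nat_t=False):
    """Build a minimal IPv4/UDP datagram carrying an ISAKMP header (no payloads)."""
    isakmp = struct.pack(ISAKMP_HDR, ispi, rspi, 0, 0x20, exchange, flags, msg_id, 28)
    udp_payload = (NON_ESP_MARKER if nat_t else b"") + isakmp
    udp = struct.pack("!HHHH", sport, dport, 8 + len(udp_payload), 0) + udp_payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0x4000, 64, 17, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return ip + udp


def parse_packet(pkt):
    """Return the addressing and ISAKMP header fields of one UDP datagram."""
    if pkt[0] >> 4 != 4 or pkt[9] != 17:
        raise ValueError("expected an IPv4/UDP datagram")
    ihl = (pkt[0] & 0x0F) * 4
    src = str(ipaddress.IPv4Address(pkt[12:16]))
    dst = str(ipaddress.IPv4Address(pkt[16:20]))
    sport, dport, ulen, _ = struct.unpack("!HHHH", pkt[ihl:ihl + 8])
    payload = pkt[ihl + 8:ihl + ulen]
    nat_t = NAT_T_PORT in (sport, dport)
    if nat_t:
        # RFC 3948: on 4500 a zero marker precedes IKE; anything else is ESP-in-UDP
        if payload[:4] != NON_ESP_MARKER:
            raise ValueError("UDP-encapsulated ESP, not IKE")
        payload = payload[4:]
    ispi, rspi, _next, version, exchange, flags, msg_id, length = struct.unpack(
        ISAKMP_HDR, payload[:28])
    return {"src": src, "dst": dst, "sport": sport, "dport": dport, "nat_t": nat_t,
            "ispi": ispi, "rspi": rspi, "version": (version >> 4, version & 0x0F),
            "exchange": exchange, "exchange_name": EXCHANGE_NAMES.get(exchange, "other"),
            "initiator": bool(flags & 0x08), "msg_id": msg_id, "length": length}


def classify(pkt):
    """Say what the ports tell us, as seen by the receiving (exposed-host) side."""
    p = parse_packet(pkt)
    if p["nat_t"]:
        return "nat-t"                      # NAT handled by RFC 3948 encapsulation
    if p["sport"] == IKE_PORT and p["dport"] == IKE_PORT:
        return "plain-500"                  # what a strict 500<->500 expectation matches
    if p["dport"] == IKE_PORT:
        return "source-port-translated"     # the NAT rewrote the source port
    return "unexpected"


def reply_target(pkt):
    """Where a responder must send its answer: the address/port it actually saw."""
    p = parse_packet(pkt)
    return p["src"], p["sport"]


# Constructed samples, as the HQ side would see them after the customer FritzBox NAT.
SAMPLES = {
    "untranslated": build_packet("87.140.61.79", "217.70.195.127", 500, 500,
                                 ispi=0x1122334455667788),
    "translated":   build_packet("87.140.61.79", "217.70.195.127", 34567, 500,
                                 ispi=0x1122334455667788),
    "nat-t":        build_packet("87.140.61.79", "217.70.195.127", 4500, 4500,
                                 ispi=0x1122334455667788, rspi=0x8877665544332211,
                                 exchange=35, nat_t=True),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        p = parse_packet(pkt)
        print(f"{name:13} {p['src']}:{p['sport']} -> {p['dst']}:{p['dport']}  "
              f"{p['exchange_name']:20} iSPI={p['ispi']:016x}  "
              f"verdict={classify(pkt)}  reply to {reply_target(pkt)}")
```

The "translated" sample is the case Dirk describes: destination 500, but the source port is whatever the FritzBox picked. A peer in "Listen"/respond-only mode just answers to the address and port it saw (reply_target), which is why putting one side in that role works, whereas two initiators each insisting on 500<->500 never match. If the verdict is "nat-t", both peers already detected the NAT and moved to 4500, so the Exposed Host must pass UDP 4500 as well as UDP 500.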
