Hello,
Running into an issue DNAT'ing/port forwarding traffic to reach a server across an IPsec VPN. The web server is 192.168.14.250 in site A but needs to be DNAT'ed/port forwarded to the WAN interface of site B.
Site A                                                  Site B
Sophos UTM 9.7                                          Sophos UTM 9.7
WAN 1.1.1.1                                             WAN 2.2.2.2
LAN 192.168.14.0/24      <IPsec VPN established>        LAN 172.16.24.0/24
Web Server: 192.168.14.250, ports 80 and 443
Any help would be greatly appreciated! I've been working on this for a few days without success.
Thank you!
Hi Bob,
Thanks for the reply! I have tried a full NAT with the following settings without success:
Rule Type: Full NAT
Matching condition:
For traffic from: Any
Using service: HTTP
Going to: WAN Address (Site B 2.2.2.2)
Action:
Change destination to: 192.168.14.250 (Web Server site A)
And the service to: HTTP
Change the source to: 172.16.24.254 <<< Firewall inside IP for site B, is this correct?
And the service to: HTTP
Automatic firewall rules: Ticked
What am I missing? If I log initial packets, I see the traffic traverse in the Firewall log but the http request from outside just times out.
Any help is greatly appreciated!
Thank you
That looks good, Pablo. The source should be changed to the IP of "Internal (Address)" - is that what you have? You don't need to change the service - just leave that blank. See #5 in Rulz (last updated 2019-04-17).
If this isn't working, please show pics of the Edits of the IPsec Connection and Remote Gateway.
Cheers - Bob
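Added illustration, not part of the thread and not Sophos UTM code: a small Python model of why the Full NAT rule discussed above needs its source changed to the Internal (Address) of site B. A policy-based IPsec tunnel only carries packets whose source and destination both fall inside the phase-2 selectors; the model assumes those selectors are exactly the two LANs from the thread. The client address 203.0.113.10 and the masquerading of site A's outbound traffic to 1.1.1.1 are constructed assumptions.

```python
"""Model of site B's Full NAT rule in front of a policy-based IPsec tunnel.

Added example, not Sophos UTM code. Addresses are those given in the thread; the
client address and the phase-2 selectors (assumed equal to the two LANs) are
assumptions.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

SITE_A_LAN = ip_network("192.168.14.0/24")   # tunnel selector, site A side (assumed)
SITE_B_LAN = ip_network("172.16.24.0/24")    # tunnel selector, site B side (assumed)
SITE_B_WAN = "2.2.2.2"
SITE_B_INTERNAL = "172.16.24.254"            # site B firewall, Internal (Address)
WEB_SERVER = "192.168.14.250"
CLIENT = "203.0.113.10"                      # constructed Internet client (TEST-NET-3)


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def full_nat(pkt, new_source):
    """Site B rule: traffic to WAN:80 is DNATed to the web server; if new_source is
    given the source is rewritten too (SNAT), otherwise the original source is kept."""
    if pkt.dst != SITE_B_WAN or pkt.dport != 80:
        return pkt
    out = replace(pkt, dst=WEB_SERVER)
    if new_source is not None:
        out = replace(out, src=new_source)
    return out


def enters_tunnel(pkt, local_net, remote_net):
    """A policy-based IPsec SA only carries packets whose source lies in the local
    selector and whose destination lies in the remote selector."""
    return ip_address(pkt.src) in local_net and ip_address(pkt.dst) in remote_net


def simulate(new_source):
    """Follow one client SYN through site B, the tunnel, the server's reply and back.
    Returns the stage at which the exchange ends and whether the client can use it."""
    client_syn = Packet(CLIENT, 51000, SITE_B_WAN, 80)
    forwarded = full_nat(client_syn, new_source)
    if not enters_tunnel(forwarded, SITE_B_LAN, SITE_A_LAN):
        # Site B has no tunnel policy for this src/dst pair; the DNATed packet never
        # reaches site A (a private destination over the default route goes nowhere).
        return {"stage": "site_b_forward", "client_accepts": False}
    reply = Packet(forwarded.dst, 80, forwarded.src, forwarded.sport)
    if not enters_tunnel(reply, SITE_A_LAN, SITE_B_LAN):
        # Site A sends the reply over its default route (assumed masqueraded to
        # 1.1.1.1), so the client sees a SYN/ACK from the wrong address and times out.
        return {"stage": "site_a_reply", "client_accepts": False}
    # Back at site B, connection tracking undoes both translations.
    to_client = replace(reply, src=SITE_B_WAN, dst=client_syn.src)
    accepted = to_client.src == SITE_B_WAN and to_client.dport == client_syn.sport
    return {"stage": "delivered", "client_accepts": accepted}


if __name__ == "__main__":
    for label, src in (("no SNAT", None), ("SNAT to WAN", SITE_B_WAN),
                       ("SNAT to Internal (Address)", SITE_B_INTERNAL)):
        print(f"{label:28s} -> {simulate(src)}")
```

Run it as a script to see the three cases side by side: with no SNAT, or with SNAT to the WAN address, the DNATed packet has a source outside 172.16.24.0/24 and never enters the tunnel at site B, which matches a firewall log that shows the packet accepted while the HTTP request still times out. Only SNAT to the Internal (Address) puts both directions inside the selectors. If the real tunnel's local/remote networks are broader than the two LANs, adjust the assumed nets at the top.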
Hi Bob,
I left the services blank per your suggestion and changed the source to the internal LAN IP object (same IP as before, just a different object name). No luck.
Site B IPSec Screenshots:
Site A Screenshots:
The VPN tunnel is up; I can ping bidirectionally from each site:
Thank you