Issue DNAT'ing/Port Forwarding across IPSec VPN tunnel

Hi Pablo and welcome to the UTM Community!

You need a Full NAT instead of a DNAT.

Cheers - Bob

Hi Bob,

Thanks for the reply! I have tried a full NAT with the following settings without success:

Rule Type: Full NAT

Matching condition:

For traffic from: Any

Using service: HTTP

Going to: WAN Address (Site B 2.2.2.2)

Action:

Change destination to: 192.168.14.250 (Web Server site A)

And the service to: HTTP

Change the source to: 172.16.24.254 <<< Firewall inside IP for site B, is this correct?

And the service to: HTTP

Automatic firewall rules: Ticked

What am I missing? If I log initial packets, I see the traffic traverse in the Firewall log but the http request from outside just times out.

Any help greatly is appreciated!

Thank you

Please show a picture of the Edit of the NAT rule.

Cheers - Bob

Please show a picture of the Edit of the NAT rule.

Cheers - Bob

Hi Bob,

Please see the attached image.

Thank you

That looks good, Pablo.  The source should be changed to the IP of "Internal (Address)" - is that what you have?  You don't need to change the service - just leave that blank.  See #5 in Rulz (last updated 2019-04-17).

If this isn't working, please show pics of the Edits of the IPsec Connection and Remote Gateway.

Cheers - Bob

Hi Bob,

I left the services blank per your suggestion and changed the source to the internal LAN IP object (same IP as before, just a different object name). No luck.

Site B IPSec Screenshots:

Site A Screenshots:

The VPN tunnel is up, I can ping bidirectionally from each site:

Thank you

That all looks perfect, Pablo.  Do you see any related blocks in the Firewall log?

Cheers - Bob