SSL VPN dynamic SNAT

Team,

With a UTM 9, I am connecting from my private network through a DSL router that manages the internet connection to a corporate network via SSL VPN.

The corporate network dynamically assigns a private address to my tun1 interface. 

To access the corporate network then, I have configured a SNAT rule, changing the source to the TUN0 address.

That works until the VPN connection gets re-established and assigns a different tun1 address.

I am wondering how I can manage this. Is there a way to use the tun1 in the SNAT configuration?

Any other/better way?

Thanks!



This thread was automatically locked due to age.
  • FormerMember

    Hi,

    Thank you for reaching out to the Community! 

    If the source and the translated destination have the same netmask, you could try to configure 1:1 NAT.

    Thanks,

  • Hi,

    Not sure if I am getting this right...

    My current configuration is to have a SNAT rule that changes the source IP to the tun1 endpoint address (what gets dynamically assigned).

    A 1:1 NAT, AFAIK, would change any of my source addresses to any of the Map-To addresses.

    I would like to have a solution that makes the 'Change source to' address somehow dynamically follow the tun1 endpoint address that I got assigned...

    Thanks

  • FormerMember in reply to Alexander May

    Hi,

    Thank you for the update.

    I misunderstood your requirement, and I think you can resolve your issue if the remote SSL VPN user gets the fixed IP address whenever it re-connects.

    You could use the static IP address from the SSL VPN network and assign it to the user.

    Reference screenshot:

    Thanks,

  • Hi,

    Thanks for your reply. I am afraid that doesn't address my issue...

    The UTM is to connect to a remote corporate network (WatchGuard).

    I have configured an SSL site2site VPN with connection type of 'client'.

    Here, I cannot manipulate the IP assignment of my tunnel endpoint, as it gets dynamically assigned by the remote end (the WatchGuard).

    I need to mitigate the manual changing of the SNAT rules. Ideally, I would like to have one SNAT rule that considers the tun1 address that I just got assigned.

    Thanks

    Alex
