IPSec tunnel with overlapping subnets on both sides of the tunnel

Hello,

I have a client that has a server in the 10.0.0.0/8 range which overlaps with my 10.10.247.0/28 network.

We are trying to NAT a single IP (192.168.247.2/32) to a single IP (192.168.247.10/32) on the other end.

I have created SNAT and DNAT rules for sending/receiving packets, but I am not able to send any traffic through the tunnel.

The only guides I am seeing are for 1:1 NAT of a whole range and not a single IP.

I have used "Sophos UTM: Configure a tunnel between two UTMs that use the same LAN range" as a baseline, but instead of 1:1 NAT I have a set of SNAT/DNAT rules.

The remote end tech has only done an SNAT for their traffic so far.

The firewall on the remote end is not a Sophos. I am also not able to see any traffic in the firewall log for ping, but a tracert does stop at the firewall and then shows Unreachable.

Any thoughts would be great. Thank you in advance.

Nick



Fix
[edited by: Nick Massin at 4:53 PM (GMT -7) on 28 Jul 2022]
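One way to see what the NAT rules on each side have to do before traffic can match the tunnel, as an added example that is not part of the original post and not Sophos UTM code: a small Python simulation of single-address SNAT/DNAT on both gateways of a policy-based IPsec tunnel whose LANs overlap. The /8, /28 and 192.168.247.x addresses are the ones from the post; the two real host addresses, the rule ordering and the absence of connection tracking are assumptions of the model.

```python
"""Added example, not code from the post or from Sophos UTM: simulate 1:1 NAT of
single addresses on both sides of a policy-based IPsec tunnel with overlapping LANs.
The /8, /28 and 192.168.247.x addresses come from the post; the two real host
addresses are assumptions. There is no connection tracking: reply translation is
modelled with an explicit SNAT rule on the remote side."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import Dict, List

LOCAL_LAN = ip_network("10.10.247.0/28")     # from the post
REMOTE_LAN = ip_network("10.0.0.0/8")        # from the post
LOCAL_NAT = ip_address("192.168.247.2")      # from the post: local host as seen inside the tunnel
REMOTE_NAT = ip_address("192.168.247.10")    # from the post: remote server as seen inside the tunnel
LOCAL_HOST = ip_address("10.10.247.5")       # assumption: a host on the local LAN
REMOTE_SERVER = ip_address("10.20.30.40")    # assumption: the client's server

# The tunnel's traffic selectors cover only the translated /32s.
TUNNEL_LOCAL = ip_network("192.168.247.2/32")
TUNNEL_REMOTE = ip_network("192.168.247.10/32")


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address


@dataclass(frozen=True)
class NatRule:
    kind: str                # "SNAT" rewrites src, "DNAT" rewrites dst
    match_src: IPv4Network
    match_dst: IPv4Network
    new_addr: IPv4Address


def apply_nat(pkt: Packet, rules: List[NatRule]) -> Packet:
    """First matching rule wins, as in a firewall NAT table; no match leaves the packet alone."""
    for rule in rules:
        if pkt.src in rule.match_src and pkt.dst in rule.match_dst:
            if rule.kind == "SNAT":
                return Packet(rule.new_addr, pkt.dst)
            return Packet(pkt.src, rule.new_addr)
    return pkt


def selector_match(pkt: Packet, local: IPv4Network, remote: IPv4Network) -> bool:
    """A policy-based tunnel encapsulates only packets whose post-NAT src/dst fall
    inside its local/remote selectors; anything else is routed in the clear."""
    return pkt.src in local and pkt.dst in remote


def overlap_report() -> Dict[str, bool]:
    """Why plain routing cannot work here: the local /28 sits inside the remote /8."""
    return {
        "overlaps": LOCAL_LAN.overlaps(REMOTE_LAN),
        "local_inside_remote": LOCAL_LAN.subnet_of(REMOTE_LAN),
    }


# Local gateway, as the post describes it: SNAT on the way out, DNAT on the way back.
LOCAL_RULES = [
    NatRule("SNAT", LOCAL_LAN, TUNNEL_REMOTE, LOCAL_NAT),
    NatRule("DNAT", TUNNEL_REMOTE, TUNNEL_LOCAL, LOCAL_HOST),
]
# Remote gateway with both halves of the 1:1 translation ...
REMOTE_RULES_FULL = [
    NatRule("DNAT", TUNNEL_LOCAL, TUNNEL_REMOTE, REMOTE_SERVER),
    NatRule("SNAT", ip_network(f"{REMOTE_SERVER}/32"), TUNNEL_LOCAL, REMOTE_NAT),
]
# ... and with only the SNAT half, which is the state the post reports for the remote end.
REMOTE_RULES_SNAT_ONLY = REMOTE_RULES_FULL[1:]


def round_trip(remote_rules: List[NatRule]) -> Dict[str, object]:
    """Trace a request from LOCAL_HOST to the server's tunnel alias and its reply,
    recording what each gateway's selectors accept and where the packet lands."""
    request = apply_nat(Packet(LOCAL_HOST, REMOTE_NAT), LOCAL_RULES)  # local egress
    at_remote = apply_nat(request, remote_rules)                        # remote ingress
    report: Dict[str, object] = {
        "request_in_tunnel": selector_match(request, TUNNEL_LOCAL, TUNNEL_REMOTE),
        "request_src_on_wire": str(request.src),
        "delivered_to_server": at_remote.dst == REMOTE_SERVER,
        "reply_in_tunnel": False,
        "reply_reaches_host": False,
    }
    if report["delivered_to_server"]:
        reply = apply_nat(Packet(at_remote.dst, at_remote.src), remote_rules)  # remote egress
        back = apply_nat(reply, LOCAL_RULES)                                    # local ingress
        report["reply_in_tunnel"] = selector_match(reply, TUNNEL_REMOTE, TUNNEL_LOCAL)
        report["reply_reaches_host"] = back.dst == LOCAL_HOST
    return report


def untranslated_request_in_tunnel() -> bool:
    """Without the local SNAT the packet keeps its 10.10.247.x source and misses the selectors."""
    return selector_match(Packet(LOCAL_HOST, REMOTE_NAT), TUNNEL_LOCAL, TUNNEL_REMOTE)


if __name__ == "__main__":
    print("overlap:", overlap_report())
    print("remote has SNAT and DNAT:", round_trip(REMOTE_RULES_FULL))
    print("remote has SNAT only:   ", round_trip(REMOTE_RULES_SNAT_ONLY))
    print("no local SNAT, in tunnel:", untranslated_request_in_tunnel())
```

Running it prints three reports. The post-NAT addresses are what the tunnel's local and remote networks (192.168.247.2/32 and 192.168.247.10/32) have to match: the untranslated 10.10.247.x source never qualifies for the tunnel, and with only the SNAT half on the far side the request arrives addressed to the alias 192.168.247.10 rather than to the server, so no reply is ever generated. The model is a simulation, not a UTM configuration, and real gateways also need the tunnel selectors, routing and firewall rules to agree with the NAT rules.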
