
Site to Site tunnel up but no traffic between specific Peers

Hi,  

I have an HA SG450 UTM 9 Pair running firmware version 9.705-3 in Active-Passive, on these there is an IPSec Site to Site setup with 1 local network (SNAT) and 10 remote networks which is working great.

I want to add another local network behind an SNAT and 1 more remote network. When I add these in, everything appears to connect; however, I cannot reach the new remote network at all.
Original Setup:
The Original SNAT setup is: 10.150.5.0/24 > 10.24.53.15 (1 of 10 remote IPs), Translate to 10.66.35.201

The IPSec Connection was:
10.66.35.201

Remote Gateway Networks:
10.24.53.15

My new settings:
SNAT which is setup as so: 10.150.5.0/24  > 10.66.104.2 (New remote network), Translate to 172.10.0.10 and made sure to check use in IPSec traffic.

My new Network in my IPSec connections is:
10.66.35.201
172.10.0.10

and my new remote network in my remote gateway is:
10.24.53.15
10.66.104.2

I don't see any Firewall Drops for this traffic, and I do see it hitting my NAT rule and the automatically created Firewall rule. The other end of this isn't something I control, but they are saying they never see the traffic hit their end; the original one still works fine.
I've run some ESPDUMPs but am awaiting the PSK to actually decrypt and see the traffic; it appears to be sending out to the correct remote IP.

I am assuming that 2 different SNAT'd addresses as my local networks isn't going to cause my issues, as the NAT'd addresses and remote addresses don't overlap anywhere.
Additionally, if this were causing an issue, could I use an additional IP on my side to create a secondary tunnel instead to the same remote IP? I'm guessing using a respond-only connection with the remote side using my additional IP?

Many thanks,
Martin.
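A small consistency check for the SNAT and IPsec definitions described in the post, written as an added example (it is not UTM code and not from anyone in the thread). The addresses are taken from the post; the field names and the `use_in_ipsec` flag are assumptions standing in for the UTM's "Local networks", "Remote networks" and "use in IPsec traffic" settings.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class SnatRule:
    source: str          # original local network (e.g. 10.150.5.0/24)
    destination: str     # remote host the traffic is sent to
    translate_to: str    # address the source becomes inside the tunnel
    use_in_ipsec: bool = True  # assumed stand-in for "use in IPsec traffic"

@dataclass
class IpsecConnection:
    local_networks: list   # "Local networks" on the IPsec connection
    remote_networks: list  # networks on the Remote Gateway

# Values as given in the post (constructed objects, assumed field layout)
SNAT_RULES = [
    SnatRule("10.150.5.0/24", "10.24.53.15", "10.66.35.201"),
    SnatRule("10.150.5.0/24", "10.66.104.2", "172.10.0.10"),
]
CONNECTION = IpsecConnection(
    local_networks=["10.66.35.201", "172.10.0.10"],
    remote_networks=["10.24.53.15", "10.66.104.2"],
)

def check_config(rules, conn):
    """Return a list of problems; an empty list means SNAT and IPsec agree."""
    problems = []
    locals_ = [ip_network(n, strict=False) for n in conn.local_networks]
    remotes = [ip_network(n, strict=False) for n in conn.remote_networks]
    for r in rules:
        if not r.use_in_ipsec:
            problems.append(f"SNAT {r.source}->{r.destination}: not used in IPsec")
        t = ip_network(r.translate_to, strict=False)
        if not any(t.subnet_of(n) for n in locals_):
            problems.append(f"translated {r.translate_to} missing from local networks")
        d = ip_network(r.destination, strict=False)
        if not any(d.subnet_of(n) for n in remotes):
            problems.append(f"destination {r.destination} missing from remote networks")
    # Any overlap between the post-NAT local networks and the remote networks
    # (or among themselves) would make the selectors ambiguous; flag it.
    tagged = [("local", n) for n in locals_] + [("remote", n) for n in remotes]
    for i, (ka, a) in enumerate(tagged):
        for kb, b in tagged[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{ka} {a} overlaps {kb} {b}")
    return problems
```

Running `check_config(SNAT_RULES, CONNECTION)` on the post's values returns no problems, which matches the outcome in the thread (the fault was on the remote side).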



  • Hi Martin and welcome to the UTM Community!

    We already know the request goes out and that we see no response, so we don't need to do #1 in Rulz (last updated 2021-02-16), and it must be a routing problem...

    Are we sure that the other VPN endpoint was also correctly updated with the additional subnets?  If confirming that doesn't resolve this, let's look at pictures of the relevant configurations.  Please show pictures of the Edits of the IPsec Connection, the Remote Gateway, the NAT rules and the firewall rule(s) if 'Automatic firewall rules' is not selected.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,

    Thanks for replying.  I have learnt more about Sophos UTMs and the various elements from reading your posts so it's a pleasure to "meet" you.

    It turns out that it was working all along and that the other side were not performing sufficient captures. Once they had properly performed this, we were able to see the traffic and determine that they had a misconfigured firewall rule.

    Many thanks for reaching out.
