VPN Site-to-Site with SNAT vlan translation

Hi everyone,

I'm about to manage a new client infra and I'm not very friendly with sophos (used to Zyxel...).

Well the client is using an internal subnet which is already used by another client, so I can't configure a vpn site-to-site because of that.

I wanted to setup a SNAT to translate the new client subnet into a fake subnet then route that subnet to the vpn site-to-site with my other firewall.

With Zyxel its quite easy to setup a SNAT but for unknown reason here I cant make it work...

Few informations :

- client subnet is : 192.168.2.0/24

- LAN_FAKE: 10.50.2.0/24

- LAN_IT (subnet behind my firewall): 192.168.200.0/24


I tried to setup a 1:1 Nat map source with : From = Internal (network) -> Any service -> To = LAN_IT, map source : change source to : LAN_FAKE (10.50.2.0/24)

Enable automatic firewall rule.

Did the same with a 1:1 Nat map destination for reverse requests : From = LAN_IT -> Any service -> To = LAN_FAKE, map destinationchange destination to : Internal (network 192.168.2.0/24)

Enable automatic firewall rule.

I setup also my IPsec site-to-site vpn connection with gateway PSK and IP Gateway.

It doesnt work at all. on the logs I see that :

packet from xx.xxx.xxx.xxx(my gateway public ip): initial Main Mode message received on 192.168.2.1:500(client firewall) but no connection has been authorized with policy=PSK

When I read this I suppose there is a problem with psk but the psk are the same between my firewall and the client firewall with vpn config.

I don't understand what is wrong...

Any idea ?

Thank you,