VPN Site-to-Site with SNAT vlan translation

Hi everyone,

I'm about to manage a new client infra and I'm not very familiar with Sophos (used to Zyxel...).

Well, the client is using an internal subnet which is already used by another client, so I can't configure a site-to-site VPN because of that.

I wanted to set up a SNAT to translate the new client subnet into a fake subnet, then route that subnet to the site-to-site VPN with my other firewall.

With Zyxel it's quite easy to set up a SNAT, but for some unknown reason I can't make it work here...

Some information:

- Client subnet is:

- LAN_IT (subnet behind my firewall):

I tried to set up a 1:1 NAT map source with: From = Internal (network) -> Any service -> To = LAN_IT, map source: change source to: LAN_FAKE (

Enable automatic firewall rule.

Did the same with a 1:1 NAT map destination for reverse requests: From = LAN_IT -> Any service -> To = LAN_FAKE, map destination: change destination to: Internal (network

Enable automatic firewall rule.

I also set up my IPsec site-to-site VPN connection with gateway PSK and IP Gateway.

It doesn't work at all. In the logs I see this:

packet from gateway public ip): initial Main Mode message received on firewall) but no connection has been authorized with policy=PSK

When I read this I suppose there is a problem with the PSK, but the PSKs are the same between my firewall and the client firewall with the VPN config.

I don't understand what is wrong...

Any idea?

Thank you,