Masking VPN source address
I have 2 USG40 that connects site A (192.168.48.0/29) with site B (192.168.0.16/29) with IPSec VPN. Site A has a server (192.168.48.3) that connects to site B server (192.168.0.18). The server of site A start a TCP connection to Server B that is in listening mode. For security reasons we like to configure Server B to accept connection that has source address of local network (192.168.0.18/29). The question is if is possible to mask server A source address (192.168.48.3) in VPN on Site B in order to behave as local host of Site B? The USG LAN IP at Site A is 192.168.48.1 and USG LAN IP on Site B is 192.168.0.22
All Replies
-
I think it's not possible.
0 -
Many thanks for the reply. After lot of testing I found a solution that is working. At site B, I activate the Source NAT at phase 2 with source (Site A Subnet 192.168.48.0/29), Destination (Site B Subnet 192.168.0.16/29) and SNAT (Site B LAN IP 192.168.0.22). This is working but if you go to Monitor -> System Status -> Session Monitor at Site B the source address remains at the original (192.168.48.3)
0 -
You should capture packet on Site B server to check if the source IP changed ti 192.168.0.22
0
Master Member
Categories
- 8.4K All Categories
- 1.6K Nebula
- 71 Nebula Ideas
- 57 Nebula Status and Incidents
- 4.5K Security
- 226 Security Ideas
- 981 Switch
- 46 Switch Ideas
- 873 WirelessLAN
- 22 WLAN Ideas
- 5.1K Consumer Product
- 157 Service & License
- 280 News and Release
- 59 Security Advisories
- 13 Education Center
- 580 FAQ
- 263 Nebula FAQ
- 160 Security FAQ
- 76 Switch FAQ
- 74 WirelessLAN FAQ
- 7 Consumer Product FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 69 About Community
- 46 Security Highlight
