Masking VPN source address
Freshman Member
I have 2 USG40 that connects site A (192.168.48.0/29) with site B (192.168.0.16/29) with IPSec VPN. Site A has a server (192.168.48.3) that connects to site B server (192.168.0.18). The server of site A start a TCP connection to Server B that is in listening mode. For security reasons we like to configure Server B to accept connection that has source address of local network (192.168.0.18/29). The question is if is possible to mask server A source address (192.168.48.3) in VPN on Site B in order to behave as local host of Site B? The USG LAN IP at Site A is 192.168.48.1 and USG LAN IP on Site B is 192.168.0.22
All Replies
-
I think it's not possible.
0 -
Many thanks for the reply. After lot of testing I found a solution that is working. At site B, I activate the Source NAT at phase 2 with source (Site A Subnet 192.168.48.0/29), Destination (Site B Subnet 192.168.0.16/29) and SNAT (Site B LAN IP 192.168.0.22). This is working but if you go to Monitor -> System Status -> Session Monitor at Site B the source address remains at the original (192.168.48.3)
0 -
You should capture packet on Site B server to check if the source IP changed ti 192.168.0.22
0
Master Member
Categories
- All Categories
- 431 Beta Program
- 2.6K Nebula
- 164 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 364 USG FLEX H Series
- 292 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 262 Service & License
- 407 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.9K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 83 Security Highlight
