Masking VPN source address
I have 2 USG40 that connects site A (192.168.48.0/29) with site B (192.168.0.16/29) with IPSec VPN. Site A has a server (192.168.48.3) that connects to site B server (192.168.0.18). The server of site A start a TCP connection to Server B that is in listening mode. For security reasons we like to configure Server B to accept connection that has source address of local network (192.168.0.18/29). The question is if is possible to mask server A source address (192.168.48.3) in VPN on Site B in order to behave as local host of Site B? The USG LAN IP at Site A is 192.168.48.1 and USG LAN IP on Site B is 192.168.0.22
All Replies
-
I think it's not possible.
0 -
Many thanks for the reply. After lot of testing I found a solution that is working. At site B, I activate the Source NAT at phase 2 with source (Site A Subnet 192.168.48.0/29), Destination (Site B Subnet 192.168.0.16/29) and SNAT (Site B LAN IP 192.168.0.22). This is working but if you go to Monitor -> System Status -> Session Monitor at Site B the source address remains at the original (192.168.48.3)
0 -
You should capture packet on Site B server to check if the source IP changed ti 192.168.0.22
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight