DNAT towards IPsec Site
Hi all,
I have the following network setup:
I want to achieve that the Proxy (192.168.101.2) can access the Target(192.168.0.2) via a Destination NAT. Currently I have two SAs allowing direct traffic, which I want to prevent.
I've configured everything as shown above, but the traffic seems to not get routed to the destination (tcpdump shows nothing arriving).
the DNAT seems to be working on all networks in Site B, but as soon as the Destination is via bound via IPsec, it does not work for me.
I've also tried to configure the destination NAT directly in the Site-2-Site VPN Configuration under Advanced, but even this did not work for me.
What did I miss?
Thanks for any response,
Jessica
P.S.: It's a USG 110
I have the following network setup:
I want to achieve that the Proxy (192.168.101.2) can access the Target(192.168.0.2) via a Destination NAT. Currently I have two SAs allowing direct traffic, which I want to prevent.
I've configured everything as shown above, but the traffic seems to not get routed to the destination (tcpdump shows nothing arriving).
the DNAT seems to be working on all networks in Site B, but as soon as the Destination is via bound via IPsec, it does not work for me.
I've also tried to configure the destination NAT directly in the Site-2-Site VPN Configuration under Advanced, but even this did not work for me.
What did I miss?
Thanks for any response,
Jessica
P.S.: It's a USG 110
0
All Replies
-
Hi @jessicas
Since you would like to use a fake source IP(192.168.100.100) to remote site 192.168.0.2.
This requirement VTI interface is required.
Site A and Site B have to setup the VPN tunnel by vit interface.
And then create policy route rule (on site B ) for your requirement.
0
Categories
- All Categories
- 415 Beta Program
- 2.3K Nebula
- 141 Nebula Ideas
- 94 Nebula Status and Incidents
- 5.5K Security
- 216 USG FLEX H Series
- 262 Security Ideas
- 1.4K Switch
- 71 Switch Ideas
- 1K Wireless
- 39 Wireless Ideas
- 6.3K Consumer Product
- 243 Service & License
- 382 News and Release
- 81 Security Advisories
- 27 Education Center
- 8 [Campaign] Zyxel Network Detective
- 3K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 83 About Community
- 71 Security Highlight