USG FLEX 500H - SNAT on a Site-2-Site VPN

NHC

Hi

I want to replace a Cisco ASA 5506-x with a USG FLEX 500H. I have multiple Site-2-Site VPN connections and and got them all but one up and running. The last one uses SNAT, where my lan subnet (/24) has to be translated to another (/32).

All information I could find so for on SNAT in a VPN tunnel is for the old model, or a single article mentioning that this should be supported from firmware version released in April 2024.

So has anyone set this up, and can guide me how to do it?

zyman2008

Hi @NHC ,

With version 1.31, in the advanced settings under the phase 2 section.

PeterUK

No SNAT for VPN Site-2-Site not yet implemented in H models

zyman2008

Hi @NHC ,

With version 1.31, in the advanced settings under the phase 2 section.

PeterUK

Oh good they added it 😀

Been having a hard time getting into my FLEX H due to every 24hr or so I can't login and needs a reboot still waiting on a update for a fix on this.😶

Edit

so looks like they only added outbound NAT which I guess most only need

NHC

Hi @zyman2008
Thanks a lot. I have no access to the firewall at the moment, but I will check if I got the newest firmware, because I don't think I saw this option earlier. Will return when I had the chance.