Tunnel IPSEC NAT problem

V2IT · December 2017

Hello everyone and Merry Christmas!!
I established an IPSEC tunnel but the other side wants to see me with another IP, how do I mask my original IP?

Ian31 · December 2017

Is it site-to-site IPSec ?
What's the another IP address ? a single IP or a subnet ?

V2IT · December 2017

Hello,

Site to site

My LAN 172.31.201.0/24 My WAN my public IP---------------remote public IP remote LAN 10.0.0.0/8
Then, the tunel is established
Remote side want see packet coming from 10.201.0.109
I try to use Inbound/outbound traffic NAT with diferent configuration with out result

V2IT · December 2017

Sorry, forget to comment that it is an IPSEC environment

Ian31 · December 2017

Here the recommend settings,
1. IPSec VPN connection
(1) the local policy / remote policy is HOST:10.201.0.109 / SUBNET: 10.0.0.0/8

Image: https://us.v-cdn.net/6029482/uploads/editor/p4/cjwu3a298mza.jpg

(2) set the outbound traffic SNAT. From 172.31.201.0/24 to 10.0.0.0/8, SNAT to 10.210.0.109

Image: https://us.v-cdn.net/6029482/uploads/editor/7d/7sptfylbp3wt.jpg

2. Add a policy route. From 172.31.201.0/24 to 10.0.0.0/8, go into this VPN tunnel

Zyxel_Charlie · December 2017

Hello V2IT,
You can set DNAT to mask the Wan's original IP. Please follow the steps of configuration from FAQ.
Link:
https://businessforum.zyxel.com/discussion/509/how-can-the-inbound-destination-nat-be-used-to-hide-the-server-s-real-ip-via-a-vpn-tunnel#latest
Charlie

Tunnel IPSEC NAT problem

Comments

Categories

Security Highlight

Security Help Center