Tunnel IPSEC NAT problem

V2IT
V2IT Posts: 3  Freshman Member
edited April 2021 in Security
Hello everyone and Merry Christmas!!
I established an IPSEC tunnel but the other side wants to see me with another IP, how do I mask my original IP?

Comments

  • Ian31
    Ian31 Posts: 161  Master Member
    Is it site-to-site IPSec?
    What's the other IP address? A single IP or a subnet?


  • V2IT
    V2IT Posts: 3  Freshman Member
    Hello,

    Site to site

    My LAN 172.31.201.0/24 My WAN my public IP---------------remote public IP remote LAN 10.0.0.0/8
    Then, the tunnel is established.
    The remote side wants to see packets coming from 10.201.0.109.
    I tried to use inbound/outbound traffic NAT with different configurations, without result.
  • V2IT
    V2IT Posts: 3  Freshman Member
    Sorry, I forgot to mention that it is an IPSEC environment.
  • Ian31
    Ian31 Posts: 161  Master Member
    Here are the recommended settings:
    1. IPSec VPN connection
        (1) the local policy / remote policy is HOST:10.201.0.109 /  SUBNET: 10.0.0.0/8
       
        (2) set the outbound traffic SNAT. From 172.31.201.0/24 to 10.0.0.0/8, SNAT to 10.210.0.109
       

    2. Add a policy route. From 172.31.201.0/24 to 10.0.0.0/8, go into this VPN tunnel
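
The settings in the reply above, modelled as an added example (not part of the original post and not Zyxel's code): it shows that a LAN packet is only accepted by the tunnel when the outbound SNAT address equals the host in the local policy. The processing order (policy route, then SNAT, then policy match) and the function names are assumptions of this simplified model; the post writes 10.201.0.109 in step 1(1) and 10.210.0.109 in step 1(2), so the model can be run with each.

```python
from ipaddress import ip_address, ip_network

# Addresses taken from the thread; the model around them is hypothetical.
LAN = ip_network("172.31.201.0/24")            # real local subnet
REMOTE = ip_network("10.0.0.0/8")              # remote policy (SUBNET)
LOCAL_POLICY = ip_network("10.201.0.109/32")   # local policy (HOST)


def tunnel_egress(src, dst, snat_to=None):
    """Return (decision, source address the remote side would see)."""
    src, dst = ip_address(src), ip_address(dst)

    # Step 2: the policy route sends LAN -> remote traffic into the VPN.
    if not (src in LAN and dst in REMOTE):
        return ("not-routed-to-vpn", str(src))

    # Step 1(2): outbound traffic SNAT rewrites the source address.
    if snat_to is not None:
        src = ip_address(snat_to)

    # Step 1(1): only packets matching local/remote policy fit the tunnel.
    if src in LOCAL_POLICY and dst in REMOTE:
        return ("encrypted", str(src))
    return ("policy-mismatch", str(src))


def snat_matches_local_policy(snat_to):
    """Configuration check: the SNAT target must lie in the local policy."""
    return ip_address(snat_to) in LOCAL_POLICY


if __name__ == "__main__":
    host, target = "172.31.201.25", "10.1.2.3"   # constructed sample packet
    for snat in (None, "10.201.0.109", "10.210.0.109"):
        print(snat, tunnel_egress(host, target, snat_to=snat))
```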
       

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    Hello V2IT,
    You can set DNAT to mask the WAN's original IP. Please follow the configuration steps from the FAQ.
    Link:
    https://businessforum.zyxel.com/discussion/509/how-can-the-inbound-destination-nat-be-used-to-hide-the-server-s-real-ip-via-a-vpn-tunnel#latest
    Charlie
