Tunnel IPSEC NAT problem

V2IT
edited April 2021 in Security
Hello everyone and Merry Christmas!!
I established an IPSEC tunnel but the other side wants to see me with another IP, how do I mask my original IP?

Comments

  • Ian31
    Is it site-to-site IPSec?
    What's the other IP address? A single IP or a subnet?


  • V2IT
    Hello,

    Site to site

    My LAN 172.31.201.0/24 My WAN my public IP---------------remote public IP remote LAN 10.0.0.0/8
    Then, the tunnel is established
    Remote side wants to see packets coming from 10.201.0.109
    I tried to use Inbound/outbound traffic NAT with different configurations without result
  • V2IT
    Sorry, I forgot to comment that it is an IPSEC environment
  • Ian31
    Here are the recommended settings:
    1. IPSec VPN connection
        (1) the local policy / remote policy is HOST: 10.201.0.109 / SUBNET: 10.0.0.0/8
        (2) set the outbound traffic SNAT. From 172.31.201.0/24 to 10.0.0.0/8, SNAT to 10.210.0.109

    2. Add a policy route. From 172.31.201.0/24 to 10.0.0.0/8, go into this VPN tunnel
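
A small Python model of the settings in the answer above, added here as an illustration (it is not Zyxel code or configuration from the thread): it shows why the local policy must be the translated address and why the SNAT address has to equal it exactly, given that step (2) is written with 10.210.0.109 while the local policy is 10.201.0.109. The `Gateway` class, its method names, the sample hosts and ports, and the processing order (policy route, then SNAT, then phase-2 selector check) are assumptions made for the model.

```python
import ipaddress as ip

LAN = ip.ip_network("172.31.201.0/24")   # asker's LAN (from the thread)
REMOTE = ip.ip_network("10.0.0.0/8")     # remote LAN (from the thread)

class Gateway:
    """Hypothetical model of the local gateway: policy route -> SNAT -> selector check."""

    def __init__(self, local_policy, snat_ip=None):
        self.local_policy = ip.ip_network(local_policy)   # phase-2 local selector
        self.snat_ip = ip.ip_address(snat_ip) if snat_ip else None
        self.state = {}   # (remote ip, remote port, local port) -> original LAN host

    def outbound(self, src, sport, dst, dport):
        """LAN -> tunnel. Return (src, dst) as the remote side sees it, or None if dropped."""
        src, dst = ip.ip_address(src), ip.ip_address(dst)
        if src not in LAN or dst not in REMOTE:
            return None                       # policy route does not send it to the tunnel
        seen = src if self.snat_ip is None else self.snat_ip
        if seen not in self.local_policy:
            return None                       # post-NAT source is outside the local selector
        if self.snat_ip is not None:
            self.state[(dst, dport, sport)] = src   # remember where replies go back to
        return str(seen), str(dst)

    def inbound(self, src, sport, dst, dport):
        """Tunnel -> LAN via the SNAT state table. Return the receiving LAN host, or None."""
        src, dst = ip.ip_address(src), ip.ip_address(dst)
        if src not in REMOTE or dst not in self.local_policy:
            return None
        orig = self.state.get((src, sport, dport))  # many-to-one SNAT needs existing state
        return str(orig) if orig is not None else None

def demo():
    ok = Gateway("10.201.0.109/32", "10.201.0.109")
    typo = Gateway("10.201.0.109/32", "10.210.0.109")   # SNAT address differs from selector
    no_nat = Gateway("10.201.0.109/32")                  # selector changed, SNAT rule missing
    pkt = ("172.31.201.20", 40000, "10.1.2.3", 443)      # constructed sample flow
    return {
        "matching": ok.outbound(*pkt),
        "reply": ok.inbound("10.1.2.3", 443, "10.201.0.109", 40000),
        "unsolicited": ok.inbound("10.9.9.9", 5000, "10.201.0.109", 22),
        "mismatch": typo.outbound(*pkt),
        "no_snat": no_nat.outbound(*pkt),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:12} {result}")
```

The `unsolicited` case returns `None` because a many-to-one SNAT holds no state for connections opened from the 10.0.0.0/8 side; reaching a LAN host from there takes an inbound destination NAT rule.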
       

  • Zyxel_Charlie
    Hello V2IT,
    You can set DNAT to mask the WAN's original IP. Please follow the configuration steps from the FAQ.
    Link:
    https://businessforum.zyxel.com/discussion/509/how-can-the-inbound-destination-nat-be-used-to-hide-the-server-s-real-ip-via-a-vpn-tunnel#latest
    Charlie
