Tunnel IPSEC NAT problem
Options
Comments
-
Is it site-to-site IPSec ?
What's the another IP address ? a single IP or a subnet ?
0 -
Hello,
Site to site
My LAN 172.31.201.0/24 My WAN my public IP---------------remote public IP remote LAN 10.0.0.0/8
Then, the tunel is established
Remote side want see packet coming from 10.201.0.109
I try to use Inbound/outbound traffic NAT with diferent configuration with out result0 -
Sorry, forget to comment that it is an IPSEC environment0
-
Here the recommend settings,
1. IPSec VPN connection
(1) the local policy / remote policy is HOST:10.201.0.109 / SUBNET: 10.0.0.0/8
(2) set the outbound traffic SNAT. From 172.31.201.0/24 to 10.0.0.0/8, SNAT to 10.210.0.109
2. Add a policy route. From 172.31.201.0/24 to 10.0.0.0/8, go into this VPN tunnel
0 -
Hello V2IT,
You can set DNAT to mask the Wan's original IP. Please follow the steps of configuration from FAQ.
Link:
https://businessforum.zyxel.com/discussion/509/how-can-the-inbound-destination-nat-be-used-to-hide-the-server-s-real-ip-via-a-vpn-tunnel#latest
Charlie
0
Categories
- All Categories
- 383 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 80 Nebula Status and Incidents
- 5.1K Security
- 75 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 69 Switch Ideas
- 907 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 209 Service & License
- 335 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 890 Nebula FAQ
- 415 Security FAQ
- 233 Switch FAQ
- 203 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 73 About Community
- 62 Security Highlight