Tunnel IPSEC NAT problem
Comments
-
Is it site-to-site IPSec ?
What's the another IP address ? a single IP or a subnet ?
0 -
Hello,
Site to site
My LAN 172.31.201.0/24 My WAN my public IP---------------remote public IP remote LAN 10.0.0.0/8
Then, the tunel is established
Remote side want see packet coming from 10.201.0.109
I try to use Inbound/outbound traffic NAT with diferent configuration with out result0 -
Sorry, forget to comment that it is an IPSEC environment0
-
Here the recommend settings,
1. IPSec VPN connection
(1) the local policy / remote policy is HOST:10.201.0.109 / SUBNET: 10.0.0.0/8
(2) set the outbound traffic SNAT. From 172.31.201.0/24 to 10.0.0.0/8, SNAT to 10.210.0.109
2. Add a policy route. From 172.31.201.0/24 to 10.0.0.0/8, go into this VPN tunnel
0 -
Hello V2IT,
You can set DNAT to mask the Wan's original IP. Please follow the steps of configuration from FAQ.
Link:
https://businessforum.zyxel.com/discussion/509/how-can-the-inbound-destination-nat-be-used-to-hide-the-server-s-real-ip-via-a-vpn-tunnel#latest
Charlie
0
Categories
- 8.1K All Categories
- 1.6K Nebula
- 60 Nebula Ideas
- 54 Nebula Status and Incidents
- 4.4K Security
- 224 Security Ideas
- 963 Switch
- 45 Switch Ideas
- 868 WirelessLAN
- 20 WLAN Ideas
- 5.2K Consumer Product
- 139 Service & License
- 268 News and Release
- 53 Security Advisories
- 12 Education Center
- 573 FAQ
- 273 Nebula FAQ
- 132 Security FAQ
- 73 Switch FAQ
- 72 WirelessLAN FAQ
- 7 Consumer Product FAQ
- Documents
- 34 Nebula Monthly Express
- 71 About Community
- 44 Security Highlight