Tunnel IPSEC NAT problem

V2IT
edited April 2021 in Security
Hello everyone and Merry Christmas!!
I established an IPSEC tunnel but the other side wants to see me with another IP, how do I mask my original IP?

Comments

  • Ian31
    Is it site-to-site IPSec?
    What's the other IP address? A single IP or a subnet?


  • V2IT
    Hello,

    Site to site

    My LAN 172.31.201.0/24 | My WAN (my public IP) --------------- remote public IP | remote LAN 10.0.0.0/8
    Then, the tunnel is established.
    The remote side wants to see packets coming from 10.201.0.109.
    I tried to use inbound/outbound traffic NAT with different configurations, without result.
  • V2IT
    Sorry, I forgot to comment that it is an IPSEC environment.
  • Ian31
    Here are the recommended settings:
    1. IPSec VPN connection
        (1) The local policy / remote policy is HOST: 10.201.0.109 / SUBNET: 10.0.0.0/8
        (2) Set the outbound traffic SNAT: from 172.31.201.0/24 to 10.0.0.0/8, SNAT to 10.210.0.109

    2. Add a policy route: from 172.31.201.0/24 to 10.0.0.0/8, go into this VPN tunnel
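
A simplified model of the settings in the answer above, added here as an example and not taken from the thread or from Zyxel: it traces a packet through the policy route, the outbound SNAT and the local/remote policy, and reports which translated source the tunnel policy accepts. The function names, the sample host addresses, and the assumption that SNAT is applied before the policy match are assumptions of this example.

```python
import ipaddress as ip

# Networks and addresses below come from the thread; everything else is hypothetical.
LAN = ip.ip_network("172.31.201.0/24")            # local LAN
REMOTE = ip.ip_network("10.0.0.0/8")              # remote LAN
LOCAL_POLICY = ip.ip_network("10.201.0.109/32")   # step 1(1): local policy, HOST


def policy_route_hits(src, dst):
    """Step 2: traffic from the LAN to the remote LAN is routed into the tunnel."""
    return ip.ip_address(src) in LAN and ip.ip_address(dst) in REMOTE


def outbound_snat(src, dst, snat_to):
    """Step 1(2): rewrite the source of LAN -> remote LAN traffic."""
    return snat_to if policy_route_hits(src, dst) else src


def policy_accepts(src, dst):
    """Step 1(1): only traffic inside local policy / remote policy is carried."""
    return ip.ip_address(src) in LOCAL_POLICY and ip.ip_address(dst) in REMOTE


def trace(src, dst, snat_to=None):
    """Return (source the remote side would see, accepted by the tunnel policy)."""
    if not policy_route_hits(src, dst):
        return src, False                 # never sent into the tunnel
    seen = outbound_snat(src, dst, snat_to) if snat_to else src
    return seen, policy_accepts(seen, dst)


if __name__ == "__main__":
    host, server = "172.31.201.25", "10.1.2.3"   # constructed sample addresses
    # None = no SNAT; 10.201.0.109 = address from the question and step 1(1);
    # 10.210.0.109 = address as written in step 1(2) of the answer.
    for snat in (None, "10.201.0.109", "10.210.0.109"):
        print(f"SNAT={snat}: {trace(host, server, snat)}")
```

In this model only a SNAT target equal to the HOST in the local policy (10.201.0.109) is accepted; an untranslated 172.31.201.x source, or 10.210.0.109 as written in step 1(2), falls outside it.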
       

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    Hello V2IT,
    You can set DNAT to mask the WAN's original IP. Please follow the configuration steps from the FAQ.
    Link:
    https://businessforum.zyxel.com/discussion/509/how-can-the-inbound-destination-nat-be-used-to-hide-the-server-s-real-ip-via-a-vpn-tunnel#latest
    Charlie
