Tunnel IPSEC NAT problem

V2IT
V2IT Posts: 3  Freshman Member
edited April 2021 in Security
Hello everyone and Merry Christmas!!
I established an IPSEC tunnel but the other side wants to see me with another IP, how do I mask my original IP?

Comments

  • Ian31
    Ian31 Posts: 167  Master Member
    Is it site-to-site IPSec?
    What's the other IP address? A single IP or a subnet?


  • V2IT
    V2IT Posts: 3  Freshman Member
    Hello,

    Site to site

    My LAN 172.31.201.0/24, my WAN (my public IP) --------------- remote public IP, remote LAN 10.0.0.0/8
    Then the tunnel is established.
    The remote side wants to see packets coming from 10.201.0.109.
    I tried to use inbound/outbound traffic NAT with different configurations, without result.
  • V2IT
    V2IT Posts: 3  Freshman Member
    Sorry, I forgot to mention that it is an IPSEC environment.
  • Ian31
    Ian31 Posts: 167  Master Member
    Here are the recommended settings:
    1. IPSec VPN connection
        (1) the local policy / remote policy is HOST:10.201.0.109 /  SUBNET: 10.0.0.0/8
       
        (2) set the outbound traffic SNAT. From 172.31.201.0/24 to 10.0.0.0/8, SNAT to 10.210.0.109
       

    2. Add a policy route. From 172.31.201.0/24 to 10.0.0.0/8, go into this VPN tunnel
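
The three settings in the answer above have to agree with each other, which the following added example (not part of the original thread, and not Zyxel code) models in Python. It assumes the device applies the policy route, then the outbound SNAT, then the local/remote policy match; the dict layout and the name `tunnel_view` are constructed for the example, and the SNAT target is 10.201.0.109, the address V2IT says the remote side expects.

```python
import ipaddress as ip

# Addresses from the thread; the structure is constructed for this example.
CONFIG = {
    "local_policy": "10.201.0.109/32",   # step 1(1): local policy (HOST)
    "remote_policy": "10.0.0.0/8",       # step 1(1): remote policy (SUBNET)
    "snat": {"src": "172.31.201.0/24", "dst": "10.0.0.0/8", "to": "10.201.0.109"},
    "route": {"src": "172.31.201.0/24", "dst": "10.0.0.0/8"},
}

def tunnel_view(src, dst, cfg):
    """Return (source the remote side sees, None) or (None, why it is not tunnelled)."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    route, snat = cfg["route"], cfg["snat"]
    # Step 2: the policy route decides whether the packet goes to the tunnel.
    if s not in ip.ip_network(route["src"]) or d not in ip.ip_network(route["dst"]):
        return None, "no policy route into the tunnel"
    # Step 1(2): outbound SNAT rewrites the source before encapsulation (assumed order).
    if s in ip.ip_network(snat["src"]) and d in ip.ip_network(snat["dst"]):
        s = ip.ip_address(snat["to"])
    # Step 1(1): the translated packet must match the local/remote policy.
    if s not in ip.ip_network(cfg["local_policy"]):
        return None, f"source {s} is outside local policy {cfg['local_policy']}"
    if d not in ip.ip_network(cfg["remote_policy"]):
        return None, f"destination {d} is outside remote policy {cfg['remote_policy']}"
    return str(s), None

if __name__ == "__main__":
    # A LAN host talking to a remote host (both host addresses constructed).
    print(tunnel_view("172.31.201.25", "10.1.2.3", CONFIG))
    # Constructed variant: SNAT rule whose source range misses the LAN.
    missed = dict(CONFIG, snat=dict(CONFIG["snat"], src="192.0.2.0/24"))
    print(tunnel_view("172.31.201.25", "10.1.2.3", missed))
    # Constructed variant: SNAT target that is not the local policy host.
    mismatch = dict(CONFIG, snat=dict(CONFIG["snat"], to="10.210.0.109"))
    print(tunnel_view("172.31.201.25", "10.1.2.3", mismatch))
    # Traffic not destined for the remote LAN never enters the tunnel.
    print(tunnel_view("172.31.201.25", "198.51.100.7", CONFIG))
```

Only the first case reaches the remote side, and it arrives with source 10.201.0.109; in the other cases the translated source falls outside the local policy or the packet never takes the policy route.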
       

  • Zyxel_Charlie
    Zyxel_Charlie Posts: 1,034  Zyxel Employee
    Hello V2IT,
    You can set DNAT to mask the WAN's original IP. Please follow the configuration steps from the FAQ.
    Link:
    https://businessforum.zyxel.com/discussion/509/how-can-the-inbound-destination-nat-be-used-to-hide-the-server-s-real-ip-via-a-vpn-tunnel#latest
    Charlie
