Troubles with DNAT
I set up two NATted Phase 2 VPNs with the same gateway (Phase 1) in IKEv2. The topology is this:
LOCAL LAN1 192.168.7.0/24 → NATTED ON 10.64.33.0/24 - REMOTE SUBNET 172.28.0.0/16
LOCAL LAN2 172.16.69.0/24 → NATTED ON 10.64.34.0/24 - REMOTE SUBNET 172.28.0.0/16
Both Phase 2s come online, but only one DNAT works; the second one does not… Where is my mistake?
If I disable the working one, the other starts to work. The one that works is random: sometimes LAN1, sometimes LAN2.
Sorry for my bad English…
All Replies
-
One of the destinations needs to change so that
LAN1 192.168.7.0/24 SNAT ON 10.64.33.0/24 - destination 172.28.0.0/16
LAN2 172.16.69.0/24 SNAT ON 10.64.34.0/24 - destination 172.29.0.0/16
You then need to change local/remote policy to match
0 -
Hi @simonebllc,
The original IP and mapped IP in the DNAT setting cannot be a subnet. You should set the IPs one by one.
0 -
Hi Emily, this is false because if I activate only one Phase2 everything goes well.
0 -
Hi Peter, I tried using 172.28.0.100/32 and 172.28.0.101/32 as the remote subnet, but with no success. The problem is always the same: only one works, randomly. Sometimes it is 172.28.0.100, and if I disable that Phase 2, the other starts to work.
0