Masking VPN source address
I have 2 USG40 that connects site A (192.168.48.0/29) with site B (192.168.0.16/29) with IPSec VPN. Site A has a server (192.168.48.3) that connects to site B server (192.168.0.18). The server of site A start a TCP connection to Server B that is in listening mode. For security reasons we like to configure Server B to accept connection that has source address of local network (192.168.0.18/29). The question is if is possible to mask server A source address (192.168.48.3) in VPN on Site B in order to behave as local host of Site B? The USG LAN IP at Site A is 192.168.48.1 and USG LAN IP on Site B is 192.168.0.22
All Replies
-
I think it's not possible.
0 -
Many thanks for the reply. After lot of testing I found a solution that is working. At site B, I activate the Source NAT at phase 2 with source (Site A Subnet 192.168.48.0/29), Destination (Site B Subnet 192.168.0.16/29) and SNAT (Site B LAN IP 192.168.0.22). This is working but if you go to Monitor -> System Status -> Session Monitor at Site B the source address remains at the original (192.168.48.3)
0 -
You should capture packet on Site B server to check if the source IP changed ti 192.168.0.22
0
Categories
- All Categories
- 393 Beta Program
- 2.1K Nebula
- 116 Nebula Ideas
- 78 Nebula Status and Incidents
- 5.1K Security
- 51 USG FLEX H Series
- 247 Security Ideas
- 1.3K Switch
- 70 Switch Ideas
- 906 WirelessLAN
- 34 WLAN Ideas
- 5.9K Consumer Product
- 210 Service & License
- 332 News and Release
- 71 Security Advisories
- 21 Education Center
- 5 [Campaign] Zyxel Network Detective
- 1.9K FAQ
- 880 Nebula FAQ
- 415 Security FAQ
- 220 Switch FAQ
- 195 WirelessLAN FAQ
- 46 Consumer Product FAQ
- 137 Service & License FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 72 About Community
- 63 Security Highlight