Network/NAT
I have a working IPSEC VPN between site1 and site2, so that lan1 and lan2 can communicate.
I would like to map a public IP of site1 to a host of lan2.
Setting up a virtual server from publicIPsite1 to site2hostIP and adding a route to site2hostIP via the VPN tunnel doesn't work.
I suppose because the VPN tunnel allows traffic just between the lan1 and lan2 IP network.
So I've searched for a way to snat the external IP accessing the publicIPsite1, but didn't find anything.
Is there a solution?
Many thanks
Paolo
All Replies
-
forgot to say I'm on an ATP500 with fw 5.39 patch1
0 -
Was able to do that here
Connecting client for port 5126 > WANIP Zywall 110 > site to site > USG40 > host for port 5126

Zywall 110
LAN2 192.168.138.0/28
site to site
local policy 192.168.138.0/28
remote policy 192.168.255.64/28

NAT
incoming WAN
external IP WAN
internal IP 192.168.255.66
port 5126

Routing
incoming tunnel
next hop WAN
SNAT outgoing-interface

incoming any
destination 192.168.255.64/28
next hop VPN tunnel

USG40
VLAN48 192.168.255.64/28
site to site
local policy 192.168.255.64/28
remote policy 192.168.138.0/28

Routing
incoming VLAN48
next hop VPN tunnel
0 -
Hi, thanks, I tried your configuration but it didn't work.
The only difference, with respect to what I did before you answered, is your policy route:
incoming tunnel
next hop WAN
SNAT outgoing-interface
I suppose that by tunnel you mean the tunnel between USG110 and USG40, but what I think I need is to SNAT the IP accessing the WAN IP of the USG110, so that the internal IP masquerading it can reach the host behind the USG40, going through the tunnel.
In your configuration you snat what's coming from the tunnel while the problem is before, to go into the tunnel, IMHO.
In any case thanks for your kind contribution
Paolo
0 -
that's why you do routing
incoming any
destination 192.168.255.64/28
next hop VPN tunnel
so that the NAT rule for 192.168.255.66 routes down the tunnel
0
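
Added example, not part of any post in this thread: a small Python model of the traffic-selector check a policy-based IPsec tunnel applies, using the local and remote policies and the NAT rule posted above. It assumes the gateway strictly enforces the phase-2 policy (an assumption, not confirmed for these devices); the client, WAN and SNAT addresses are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass, replace

# Phase-2 policy of the site to site tunnel as posted for the Zywall 110 side.
LOCAL_POLICY = ipaddress.ip_network("192.168.138.0/28")
REMOTE_POLICY = ipaddress.ip_network("192.168.255.64/28")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


def dnat(pkt, external_ip, port, internal_ip):
    """Virtual server rule: rewrite the destination of matching WAN traffic."""
    if pkt.dst == external_ip and pkt.dport == port:
        return replace(pkt, dst=internal_ip)
    return pkt


def snat(pkt, new_src):
    """Source NAT applied before the packet is handed to the tunnel."""
    return replace(pkt, src=new_src)


def matches_policy(pkt):
    """True when both addresses fall inside the tunnel's traffic selectors."""
    return (ipaddress.ip_address(pkt.src) in LOCAL_POLICY
            and ipaddress.ip_address(pkt.dst) in REMOTE_POLICY)


def trace(client_ip, wan_ip, snat_ip=None):
    """Follow one inbound connection; return the final packet and the verdict."""
    pkt = Packet(src=client_ip, dst=wan_ip, dport=5126)
    pkt = dnat(pkt, wan_ip, 5126, "192.168.255.66")
    if snat_ip is not None:
        pkt = snat(pkt, snat_ip)
    return pkt, matches_policy(pkt)


if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges), not from the thread.
    CLIENT, WAN = "203.0.113.10", "198.51.100.1"
    print(trace(CLIENT, WAN))                   # client source address kept
    print(trace(CLIENT, WAN, "192.168.138.1"))  # source rewritten into the local policy
```

Under strict enforcement the forwarded packet only matches the selectors once its source falls inside 192.168.138.0/28; a gateway that does not enforce the policy on routed traffic would behave differently.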