DNAT towards IPsec Site
Hi all,
I have the following network setup:
I want to achieve that the Proxy (192.168.101.2) can access the Target (192.168.0.2) via a Destination NAT. Currently I have two SAs allowing direct traffic, which I want to prevent.
I've configured everything as shown above, but the traffic seems to not get routed to the destination (tcpdump shows nothing arriving).
The DNAT seems to be working on all networks in Site B, but as soon as the destination is bound via IPsec, it does not work for me.
I've also tried to configure the destination NAT directly in the Site-2-Site VPN Configuration under Advanced, but even this did not work for me.
What did I miss?
Thanks for any response,
Jessica
P.S.: It's a USG 110
All Replies
Hi @jessicas
Since you would like to use a fake source IP (192.168.100.100) to the remote site 192.168.0.2, a VTI interface is required for this requirement.
Site A and Site B have to set up the VPN tunnel using a VTI interface.
Then create a policy route rule (on Site B) for your requirement.