IPSEC VPN site to site tunnel established between 50H and 100H, traffic gets caught on NAT

MitjaS3NEXT

I have an IPSEC VPN site to site tunnel established between 50H and 100H devices.
50H - has 192.168.65.0/24
100H - has 192.168.75.0/24 and 192.168.1.0/24
When I try to establish a connection from 50H (192.168.65.102) to for example 192.168.75.23 it gets caught in the NAT rule. (but the NAT rule is intended for WAN to LAN traffic not for IPSEC traffic between site to site subnets)
Why is this happening? What can I do to get clear traffic?
Never got something similar on the legacy 50 and 100 devices…

Accepted Solution

  • PeterUK
    Answer ✓

    This might be caused by the NAT rule for External IP being set to any?

All Replies

  • Zyxel_Tina
    Zyxel Employee

    Hi @MitjaS3NEXT,

    To better understand the issue, could you please provide more information on how you found that the traffic is being caught by the NAT rule? For example, are you seeing this behavior in logs or a specific page? A screenshot of what you are observing would be very helpful for us to clarify the situation.

    Additionally, to further investigate, we would need to review the device configuration. Please help to enable Zyxel Support Access and share your org/site names with us so we can check this in more detail.

    With this information, we will be able to better identify the cause and provide appropriate suggestions.

    Zyxel Tina

  • MitjaS3NEXT

    @PeterUK's question was the solution: we had External IP set to any, which caused the VPN traffic to also get caught in the rules.
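
The cause found in this thread can be checked for ahead of time. The following is an added example, not code from the thread and not Zyxel's configuration format: it assumes a simplified model in which a NAT rule matches any packet whose destination falls inside the rule's External IP, and flags rules whose External IP overlaps the tunnel subnets. The rule name, the internal address and the WAN address 203.0.113.10 are constructed.

```python
import ipaddress
from dataclasses import dataclass

# Subnets carried by the site-to-site tunnel, as given in the thread.
VPN_SUBNETS = [ipaddress.ip_network(n) for n in
               ("192.168.65.0/24", "192.168.75.0/24", "192.168.1.0/24")]


@dataclass
class NatRule:
    name: str         # hypothetical rule label
    external_ip: str  # "any", a single address, or a CIDR
    internal_ip: str  # constructed internal target

    def external_net(self):
        # Assumption: "any" behaves like 0.0.0.0/0 on the destination address.
        if self.external_ip.lower() == "any":
            return ipaddress.ip_network("0.0.0.0/0")
        return ipaddress.ip_network(self.external_ip, strict=False)

    def matches(self, dst):
        """True if a packet to dst would be picked up by this rule."""
        return ipaddress.ip_address(dst) in self.external_net()


def rules_catching_vpn(rules, vpn_subnets=VPN_SUBNETS):
    """Return (rule name, overlapping tunnel subnets) for every rule whose
    External IP also covers addresses that should only travel in the tunnel."""
    findings = []
    for rule in rules:
        hit = [str(n) for n in vpn_subnets if rule.external_net().overlaps(n)]
        if hit:
            findings.append((rule.name, hit))
    return findings


# Constructed rule sets: External IP "any" versus pinned to one WAN address.
BEFORE = [NatRule("web-in", "any", "192.168.75.10")]
AFTER = [NatRule("web-in", "203.0.113.10", "192.168.75.10")]

if __name__ == "__main__":
    for label, rules in (("before", BEFORE), ("after", AFTER)):
        print(label, rules_catching_vpn(rules))
    # The connection from the thread: 192.168.65.102 -> 192.168.75.23
    print("any matches 192.168.75.23:", BEFORE[0].matches("192.168.75.23"))
    print("pinned matches 192.168.75.23:", AFTER[0].matches("192.168.75.23"))
```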