S2S VPN with multiple source NAT

Author
mauros
2020/02/28 04:32:35 (permalink)

Hello,
I need to set up a VPN with a partner. We agreed on two subnets that are not in conflict with either my or their internal networks:
my side: 172.24.1.8/29
their side: 172.24.1.0/29
They identify both networks as IP-Pools and in the doc they sent me, I read that on my side "internal network should be hidden behind 172.24.1.9/32"
At the end, my hosts should be able to reach 172.24.1.1 and 172.24.1.2 on the remote side.
I configured the tunnel with these two networks in the phase2, but I suppose it's not enough... should I configure a pool?
And (second step): I have several internal networks that I want to be able to communicate with the remote site, the 172.24.1.8/29 actually is only defined as address for routing but my clients are on other networks. Which part of the configuration should be changed to allow this?
Thanks
(200D) 
 
#1


    Toshi Esumi
    Re: S2S VPN with multiple source NAT 2020/02/28 10:38:22 (permalink)
    I saw almost the same post this month or last month and commented.
    NATing on an IPsec VPN is nothing different from NATing on a regular interface because you must have set up an interface-mode/route based IPSec. Either setting the SNAT IP (172.24.1.9/32) on the VPN interface to use for the NAT or, if it's already occupied with a different peer tunnel IP, setting an IP pool with the SNAT IP would do the NAT.
    Of course you need to have a proper route for the destination and adjust the policy if it's limiting src/dst addresses.
     
    For the second part, your description of the requirement is not clear but what you need to do would be similar to the first part.
     
    #2
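
The IP-pool approach described in the reply, written out as a FortiOS CLI sketch. This is an added example, not configuration posted by either participant. It assumes a route-based tunnel interface named "partner-vpn", a LAN interface named "internal", and two internal networks 10.10.10.0/24 and 10.10.20.0/24; all object names and those subnets are placeholders.

```fortios
# Added example. Names and the 10.10.x.0/24 subnets are assumed placeholders.
# Remote hosts the local clients must reach (from the question).
config firewall address
    edit "partner-host-1"
        set subnet 172.24.1.1 255.255.255.255
    next
    edit "partner-host-2"
        set subnet 172.24.1.2 255.255.255.255
    next
    edit "lan-a"
        set subnet 10.10.10.0 255.255.255.0
    next
    edit "lan-b"
        set subnet 10.10.20.0 255.255.255.0
    next
end
# Single-address pool: every permitted client is hidden behind 172.24.1.9.
config firewall ippool
    edit "partner-snat"
        set type overload
        set startip 172.24.1.9
        set endip 172.24.1.9
    next
end
# Route the partner subnet into the tunnel interface.
config router static
    edit 0
        set dst 172.24.1.0 255.255.255.248
        set device "partner-vpn"
    next
end
# Only the listed sources and destinations are allowed; SNAT uses the pool.
config firewall policy
    edit 0
        set name "lan-to-partner"
        set srcintf "internal"
        set dstintf "partner-vpn"
        set srcaddr "lan-a" "lan-b"
        set dstaddr "partner-host-1" "partner-host-2"
        set action accept
        set schedule "always"
        # Narrow "ALL" to the services the partner actually exposes.
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "partner-snat"
    next
end
```

Because the source address is translated to 172.24.1.9 before the traffic enters the tunnel, the phase 2 selectors from the question (172.24.1.8/29 and 172.24.1.0/29) still match whichever internal network the client sits on. Adding another internal network then means adding its address object to `srcaddr`, not changing the tunnel.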