S2S VPN with multiple source NAT
Hello,
I need to set up a VPN with a partner. We agreed on two subnets that conflict with neither my nor their internal networks:
my side: 172.24.1.8/29
their side: 172.24.1.0/29
They identify both networks as IP pools, and in the doc they sent me I read that on my side the "internal network should be hidden behind 172.24.1.9/32".
At the end, my hosts should be able to reach 172.24.1.1 and 172.24.1.2 on the remote side.
I configured the tunnel with these two networks in phase 2, but I suppose that's not enough... should I configure a pool?
And (second step): I have several internal networks that I want to be able to communicate with the remote site; 172.24.1.8/29 is actually only defined as an address for routing, but my clients are on other networks. Which part of the configuration should be changed to allow this?
Thanks
(200D)
I saw almost the same post this month or last month and commented. NATing on an IPsec VPN is no different from NATing on a regular interface, because you must have set up an interface-mode/route-based IPsec. Either setting the SNAT IP (172.24.1.9/32) on the VPN interface to use for the NAT or, if it's already occupied with a different peer tunnel IP, setting up an IP pool with the SNAT IP would do the NAT.
Of course you need to have a proper route for the destination and adjust the policy if it's limiting src/dst addresses.
For the second part, your description of the requirement is not clear, but what you need to do would be similar to the first part.
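The reply above describes the pieces but not the configuration. What follows is an added FortiOS CLI example (not from the original thread or from Fortinet) showing both SNAT options it mentions, the route, and a policy that also covers the second part of the question (real internal networks hidden behind 172.24.1.9). The interface names "wan1" and "internal", the partner gateway 203.0.113.10, the internal networks 192.168.10.0/24 and 192.168.20.0/24, and the PSK placeholder are assumptions; only the two agreed /29 pools and the /32 SNAT address come from the post.

```fortios
# Added example, not from the original post. Assumed values: WAN interface "wan1",
# LAN interface "internal", partner gateway 203.0.113.10, internal client networks
# 192.168.10.0/24 and 192.168.20.0/24, and the PSK placeholder.

# Route-based tunnel: phase1-interface creates a tunnel interface named "partner".
config vpn ipsec phase1-interface
    edit "partner"
        set interface "wan1"
        set ike-version 2
        set peertype any
        set proposal aes256-sha256
        set dhgrp 14
        set remote-gw 203.0.113.10
        set psksecret "REPLACE-WITH-PSK"
    next
end

# Phase 2 selectors stay the two agreed pools. The real LAN subnets must NOT appear here:
# the policy translates the source to 172.24.1.9 before the packet is matched against
# the selectors, so 172.24.1.8/29 -> 172.24.1.0/29 is what the partner will see.
config vpn ipsec phase2-interface
    edit "partner-p2"
        set phase1name "partner"
        set proposal aes256-sha256
        set dhgrp 14
        set src-subnet 172.24.1.8 255.255.255.248
        set dst-subnet 172.24.1.0 255.255.255.248
    next
end

# Option A: put the SNAT IP on the tunnel interface. With "set nat enable" and no pool,
# the policy uses the outgoing interface address. Skip this if the tunnel interface
# already carries another IP.
config system interface
    edit "partner"
        set ip 172.24.1.9 255.255.255.255
        set remote-ip 172.24.1.1 255.255.255.248
    next
end

# Option B: an IP pool that holds only 172.24.1.9 (overload = many-to-one, with PAT).
config firewall ippool
    edit "partner-snat"
        set type overload
        set startip 172.24.1.9
        set endip 172.24.1.9
    next
end

# Route the partner pool into the tunnel interface.
config router static
    edit 0
        set dst 172.24.1.0 255.255.255.248
        set device "partner"
    next
end

# Address objects: the real internal networks (second part of the question) and the
# partner pool. The policy is where the "several internal networks" are listed.
config firewall address
    edit "lan-10"
        set subnet 192.168.10.0 255.255.255.0
    next
    edit "lan-20"
        set subnet 192.168.20.0 255.255.255.0
    next
    edit "partner-pool"
        set subnet 172.24.1.0 255.255.255.248
    next
end

# Policy: srcaddr is the real LANs, dstaddr the partner pool, NAT on. Drop the two
# ippool lines if you chose Option A. Restrict "service" to what the partner needs.
config firewall policy
    edit 0
        set name "lan-to-partner"
        set srcintf "internal"
        set dstintf "partner"
        set srcaddr "lan-10" "lan-20"
        set dstaddr "partner-pool"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
        set ippool enable
        set poolname "partner-snat"
    next
end
```

To check the translation, run `diagnose sniffer packet partner 'host 172.24.1.1' 4` on the FortiGate while a client pings 172.24.1.1: the source address on the tunnel interface should be 172.24.1.9, not the client's LAN address. If phase 2 comes up but traffic is dropped, the usual cause is a phase 2 selector that names the real LAN subnet instead of 172.24.1.8/29. This policy only covers connections initiated from your side; the partner reaching your internal hosts would need a separate inbound policy and a VIP on 172.24.1.9, which the question does not ask for.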
