FTAdmin
New Contributor III

Passing traffic from a remote office to the main office and then to a 3rd party

An IPsec tunnel is already working from the main office to the Web App (3rd Party). What we need is for traffic destined for the third party to pass through the main office from the remote office, which is already using an IPsec tunnel for traffic to the main office. The company has only paid for 1 VPN tunnel, so I can't go directly from the remote office. I would appreciate any help. If more information/images are required, please let me know.

 

Both the remote and main office firewalls are using firmware v7.2.5 build1517 (Feature).

 

ebilcari
Staff

If you can't change the VPN configuration on the 3rd party side, and if it's configured to reach only one subnet, then a solution could be to NAT the requests coming from the remote office using one of the IPs of the main office.

- Emirjon
hbac
Staff

Hi @FTAdmin

 

You will need to add the 3rd party and remote office networks to the phase 2 selectors of the IPsec tunnels and create firewall policies to allow traffic between the 3rd party and remote office tunnels.

 

Regards, 

FTAdmin
New Contributor III

Edit the phase 2 selectors of the main office IPsec tunnel to the 3rd party to include the remote office network the workstations are using?

SAJUDIYA
Staff

@FTAdmin You need to follow the steps below:

1. You need to add the 3rd party address to the phase-2 selectors of the main firewall if that traffic is behind the main firewall.

2. You can configure SNAT/DNAT for this traffic to move traffic from the main firewall to the third party web app if the traffic is NATed after hitting the main firewall.
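
The following is an added illustration, not part of any reply in this thread and not FortiOS configuration. It is a Python model of phase 2 selector matching across both tunnels that shows why the remote office traffic is dropped as-is, and how either source NAT on the main firewall or extra selectors on both tunnels lets it through. All subnets and the NAT address are constructed sample values; firewall policies and routing are not modeled.

```python
import ipaddress as ip

# Constructed sample addressing; none of these values come from the thread.
REMOTE_LAN = ip.ip_network("10.20.0.0/24")       # remote office workstations
MAIN_LAN = ip.ip_network("10.10.0.0/24")         # main office LAN
THIRD_PARTY = ip.ip_network("198.51.100.0/28")   # 3rd-party web app
SNAT_IP = ip.ip_address("10.10.0.250")           # main-office IP used for source NAT

def selector_match(selectors, src, dst):
    """True if (src, dst) falls inside any (local, remote) phase 2 selector pair."""
    return any(src in local and dst in remote for local, remote in selectors)

def path_ok(src, dst, spoke_sel, hub_sel, snat_ip=None):
    """Check both hops: remote->main tunnel, then main->3rd-party tunnel.
    snat_ip models source NAT on the main firewall before the second tunnel."""
    if not selector_match(spoke_sel, src, dst):
        return False, "remote office: destination not in remote->main selectors"
    egress_src = snat_ip if snat_ip is not None else src
    if not selector_match(hub_sel, egress_src, dst):
        return False, "main office: source not in main->3rd-party selectors"
    return True, "forwarded"

def scenarios():
    src, dst = ip.ip_address("10.20.0.15"), ip.ip_address("198.51.100.5")
    spoke_old = [(REMOTE_LAN, MAIN_LAN)]
    spoke_new = spoke_old + [(REMOTE_LAN, THIRD_PARTY)]
    hub_old = [(MAIN_LAN, THIRD_PARTY)]
    hub_new = hub_old + [(REMOTE_LAN, THIRD_PARTY)]  # 3rd party must mirror this
    return {
        "as-is": path_ok(src, dst, spoke_old, hub_old),
        "spoke selector added": path_ok(src, dst, spoke_new, hub_old),
        "spoke selector + SNAT": path_ok(src, dst, spoke_new, hub_old, SNAT_IP),
        "selectors on both tunnels": path_ok(src, dst, spoke_new, hub_new),
    }

if __name__ == "__main__":
    for name, (ok, reason) in scenarios().items():
        print(f"{name:28} {'PASS' if ok else 'DROP'}  {reason}")
```

The SNAT case passes without touching the main-to-3rd-party selectors, which is why it fits when the 3rd party side cannot be changed; the last case only works if the 3rd party adds the matching selector on its end.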
