SNAT over an IPSec Tunnel

Irtanto Wijaya Lv1 Posted 03 Feb 2024 08:42

I have a question regarding SNAT over an IPSec tunnel. I have the following configuration:
Local subnet: 192.168.77.1/32. All our communication to the IPSec device has to go through this IP.
Remote subnet: 172.17.17.9/32.

I have tried an SNAT configuration, but it still did not work. Any advice to solve this problem?


AimanHakim has solved this question and earned 20 coins.

AimanHakim Lv2 Posted 03 Feb 2024 23:04

Can you share your configuration and what's the objective for your setup?
mdamores Lv3 Posted 06 Feb 2024 11:22

Please share more information so we can assess and provide proper recommendations.

1. Can you share your current network diagram?
2. Provide the specific configuration for SNAT.
3. Provide details of the IPSec tunnel.
4. Specify what specific troubleshooting steps were conducted.
5. What is your desired outcome?
Newbie517762 Lv5 Posted 06 Feb 2024 11:46

HiHi,

Could you please provide the configuration information to us, including details about the network, IPSec, and SNAT, among others?
It will assist us in understanding and solving the problem.

Thank you.
MTR Lv2 Posted 06 Feb 2024 13:13
  
You can configure Source Network Address Translation (SNAT) over an IPSec tunnel to ensure that all communication with the IPSec device originates from a specific IP address. In your case, you want all communication to the IPSec device to go through the local subnet IP 192.168.77.1/32.

Here's a general outline of how you can achieve this:

Configure SNAT on your local network device or firewall to translate the source IP address of the outgoing packets to 192.168.77.1.

Ensure that the IPSec tunnel is properly configured to allow traffic from the local subnet 192.168.77.1/32 to the remote subnet 172.17.17.9/32.

Verify that the routing is correctly set up to direct traffic intended for the remote subnet through the IPSec tunnel.

It's important to note that the specific steps to configure SNAT over an IPSec tunnel can vary depending on the devices and software you are using.
CLELUQMAN Lv3 Posted 06 Feb 2024 13:48

Hi. Missed your point there. Please elaborate more.
Do you want to do IPSec configuration or?
What is your end goal?
Enrico Vanzetto Lv3 Posted 06 Feb 2024 17:08

Hi, it's hard to help you properly without details on what you are trying to achieve.
Anyway, I suggest you double-check your SNAT settings.
After that, I would double-check your VPN IPSec tunnel settings.
Remember that if you apply a 1:1 NAT for a tunnel, on the other side you have to do the same thing to ensure that the traffic comes back properly.
pmateus Lv2 Posted 06 Feb 2024 18:58

Hi,
You should check your SNAT policies to translate the source IP addresses to the IP of your IPSec tunnel.

Thanks,
Farina Ahmed Lv5 Posted 06 Feb 2024 19:09
  
* To ensure communication to the IPSec device originates from 192.168.77.1/32:

1) Configure SNAT on your local device to translate outgoing packet source IP to 192.168.77.1.
2) Verify IPSec tunnel allows traffic from 192.168.77.1/32 to 172.17.17.9/32.
3) Ensure correct routing directs traffic to the IPSec tunnel.
4) Confirm SNAT and IPSec configurations match on both ends for proper bidirectional traffic flow.
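
The checks outlined in the replies above (SNAT rule, tunnel selectors, order of NAT and IPSec processing) can be modelled offline. This is an added example, not part of any reply or of the vendor's software; the 10.10.10.0/24 LAN, the `SnatRule` type and the function names are hypothetical, and only the two /32 selectors come from the thread.

```python
import ipaddress
from dataclasses import dataclass

# Traffic selectors from the thread: the tunnel only covers this /32 pair.
LOCAL_TS = ipaddress.ip_network("192.168.77.1/32")
REMOTE_TS = ipaddress.ip_network("172.17.17.9/32")

@dataclass(frozen=True)
class SnatRule:
    src: str  # original source range the rule matches
    dst: str  # destination range the rule matches
    to: str   # translated source address

def apply_snat(src, dst, rules):
    """Return the source address after NAT; the first matching rule wins."""
    for r in rules:
        if src in ipaddress.ip_network(r.src) and dst in ipaddress.ip_network(r.dst):
            return ipaddress.ip_address(r.to)
    return src

def tunnel_verdict(src, dst, rules, nat_before_ipsec=True):
    """Report whether a LAN packet matches the tunnel's selectors.

    nat_before_ipsec models the device's order of operations (assumption:
    platforms differ, so check the vendor documentation for the real order).
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    seen = apply_snat(src, dst, rules) if nat_before_ipsec else src
    if dst not in REMOTE_TS:
        return "not tunnel traffic"
    if seen not in LOCAL_TS:
        return f"no selector match: source {seen} is outside {LOCAL_TS}"
    return f"encrypted as {seen} -> {dst}"

# Constructed sample: 10.10.10.0/24 is a hypothetical LAN behind the gateway.
GOOD = [SnatRule("10.10.10.0/24", "172.17.17.9/32", "192.168.77.1")]
WRONG_DST = [SnatRule("10.10.10.0/24", "172.17.17.0/29", "192.168.77.1")]

if __name__ == "__main__":
    host, peer = "10.10.10.25", "172.17.17.9"
    print(tunnel_verdict(host, peer, GOOD))
    print(tunnel_verdict(host, peer, WRONG_DST))
    print(tunnel_verdict(host, peer, []))
    print(tunnel_verdict(host, peer, GOOD, nat_before_ipsec=False))
```

Only the first case reaches the tunnel; the other three leave the packet with its original LAN source, which the /32 selector does not cover.
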
Prosi Lv2 Posted 07 Feb 2024 09:42
  
Configure an SNAT rule to enable this SSL VPN device to access the Internet on behalf of LAN users and server.
Navigate to [Firewall] > [NAT] > [SNAT Rule], create a SNAT rule and add the source IP addresses into the Source Address field.
