Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    snat

    Scheduled Pinned Locked Moved
    NAT
    2
    3
    170
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      moisesdasilvadeoliveira
      last edited by

      Dear

      I need to do a snat. I need my vpn ipsec source network translated.
      I have my internal network. 192.168.0.0/24 and I need it to arrive at the client with the net ip 172.16.10.0/29.
      I configured it in outbound, but I keep sending the ip net192.168.0.0/24 to the client.

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @moisesdasilvadeoliveira
        last edited by

        @moisesdasilvadeoliveira
        On an IPSec connection this cannot be done with an outbound NAT rule, it must be done in IPSec.

        I have my internal network. 192.168.0.0/24 and I need it to arrive at the client with the net ip 172.16.10.0/29

        But you cannot translate a /24 to a /29 network at all. Either you can translate it to another /24 (same size) or to a single IP.
        So I assume you want to translate to a /24 network.

        Then go into the phase 2 settings. At BINAT select network and enter the translation network, e.g. 172.16.10.0/24.

        If both network have the same size the remote site is also able to access your site. E.g. if he enters 172.16.10.10 the packets are forwarded to 192.168.0.10, assumed that you have a firewall rule on IPSec which allows it.

        M 1 Reply Last reply Reply Quote 1
        • M
          moisesdasilvadeoliveira @viragomann
          last edited by

          @viragomann Thank you very much for your answer and explanation, it worked.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post