Mobile IPSEC and BINAT

Reply to Mobile IPSEC and BINAT on Wed, 02 Nov 2016 13:49:11 GMT

dniesen — Wed, 02 Nov 2016 13:49:11 GMT

A few more things we have tried without success…

Adding a 1:1 NAT entry for this BINAT (this worked for OpenVPN but not IPSEC)
Changing NAT-T between Force/Auto

Still no love no matter what. We have to force add the routes on the Shrewsoft VPN client for the BINAT network and we can see the traffic coming into the IPSEC tunnel but no replies and no traffic hitting the LAN so it seems like NAT is not happening. No entries in the firewall logs showing that this is blocked either.

Reply to Mobile IPSEC and BINAT on Thu, 13 Oct 2016 13:34:19 GMT

dniesen — Thu, 13 Oct 2016 13:34:19 GMT

Also, we did try flipping the local/BINAT subnets in case they were supposed to be the other way around but it didn't seem to help.

Reply to Mobile IPSEC and BINAT on Tue, 11 Oct 2016 13:30:19 GMT

dniesen — Tue, 11 Oct 2016 13:30:19 GMT

Our local network is set to 192.168.1.0/24 (the actual LAN) and the BINAT is 192.168.34.0/24 (what we would like to translate that subnet to).

Reply to Mobile IPSEC and BINAT on Tue, 11 Oct 2016 07:48:01 GMT

Derelict — Tue, 11 Oct 2016 07:48:01 GMT

What is your local network in the phase 2 set to?

Reply to Mobile IPSEC and BINAT on Mon, 10 Oct 2016 19:39:24 GMT

dniesen — Mon, 10 Oct 2016 19:39:24 GMT

We tried manually working with 1:1 NAT to get around this as well but still haven't come to a resolution. I would suspect this is a pretty common configuration so I'm surprised to not find any forum posts about this specific config.