NAT and IPSEC



  • Hello together,

    I've got a problem with an ipsec tunnel and NAT. But I'm sure that I am not smart enough to get it running.

    I have an ipsec tunnel with an attached VLAN (an internal address). There is a NAT defined for a computer in another VLAN.
    The incoming path is working fine, the packets are coming in and being forwarded using the NAT.
    BUT, the way back is not working. The answers for the computer behind the NAT are going out, but on the wrong interface (default GW) but using the NAT.
    When I integrate the additional VLAN in the ipsec, the packets are going on the correct ipsec tunnel but without the outgoing NAT.

    So, how do I get NAT and IPSEC running together?

    I did try to change the NAT with 1:1, port forward, outgoing... but no change in the handling.

    Maybe somebody could give me some hints to get this running.

    Thanks

    Alex



  • Hi ho,

    some additional info:

    This is the VPN Tunnel Phase 2

    2d1477a1-a3a5-4634-9632-1f0a51e1178b-image.png

    So, I will access the 192.168.70.83 using the 172.16.210.74 as NAT when the traffic is coming from the 172.25.134.0/24

    So, the packets are coming in, will get natted to the correct server, but on the way back, they will not get the outgoing NAT, so the packets are going out using the 192.168.70.83 address which is not known on the other side of the VPN tunnel...

    e224be05-3b20-4cc5-8fe8-868e370d7f52-image.png

    I have also set up an outgoing NAT, but I think that I normally do not need one, but with or without it, it is not working.

    87a07624-a7c8-4b82-8434-37d31bd0e742-image.png

    Maybe someone could tell me my mistake.

    Thanks

    Alex

