Has something changed with BiNat in 2.5x?
-
I have used BiNat in the past with no issues; however, today I cannot get it to work. I have several IPSec connections that I use for remote access/support for clients. Recently I gained a new client that uses the same internal subnet (192.168.1.0) as another client. The simplest thing to do would be to just renumber their network, but that will need to wait until after COVID. I disabled the connection to the similar client and set this client up with a non-binat IPSEC tunnel, and all works well. I can access resources on the 192.168.1.0 network. I then modified their phase 2 entry to add another network (192.168.206.0) in the Nat/BiNat translation field. I save this phase 2 and change the phase 2 entry at my end to point to this new subnet; the tunnel is established, but absolutely no traffic flows across the connection. I am sure that this is exactly the same way I set this up in the past, and I don't remember needing to make any other firewall rules etc. The only difference is that both firewalls are running 2.5.1. I only ask because in 2.5.0 I had several issues with IPSEC, and I'm wondering if this is related.
-
I just tested and the same configuration between 2 firewalls running 2.4.5p1 works as it should, I'll upgrade them both to 2.5.1 tonight and see if that breaks the configuration.
-
I figured out the problem - I set up BiNat between several firewalls and determined that the problem was isolated to just the one (new) implementation. I realized that the default LAN to any rule specified the LAN net as the source; changing that to "any" allowed traffic to flow.
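An added example (not the poster's own configuration or pfSense code) that models the two pieces of this thread in Python: detecting which client tunnels share the 192.168.1.0 subnet, and the 1:1 BiNat mapping of a real LAN host to its address in the 192.168.206.0 translation network. The tunnel names and the /24 sizes are constructed assumptions.

```python
"""Added example, not from the forum thread: overlapping-subnet check and
1:1 BiNat address mapping for IPsec phase 2 entries."""
import ipaddress


def overlapping_remote_subnets(tunnels):
    """Return name pairs whose remote subnets overlap.

    tunnels: dict of tunnel name -> remote subnet (constructed sample input).
    Two clients on the same 192.168.1.0/24 cannot both be reached directly,
    which is why one side gets a BiNat translation network."""
    nets = {n: ipaddress.ip_network(s, strict=False) for n, s in tunnels.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names)
            for b in names[i + 1:] if nets[a].overlaps(nets[b])]


def binat_translate(addr, local_net, translated_net):
    """1:1 (BiNat) translation: keep the host bits, swap the network prefix.

    local_net is the subnet the client really uses; translated_net is the
    value placed in the phase 2 NAT/BiNat translation field. Returns the
    address the far side of the tunnel must use to reach that host."""
    local = ipaddress.ip_network(local_net, strict=False)
    trans = ipaddress.ip_network(translated_net, strict=False)
    if local.prefixlen != trans.prefixlen:
        raise ValueError("1:1 BiNat needs networks of equal size")
    ip = ipaddress.ip_address(addr)
    if ip not in local:
        raise ValueError(f"{ip} is not inside {local}")
    offset = int(ip) - int(local.network_address)
    return str(ipaddress.ip_address(int(trans.network_address) + offset))


def binat_reverse(addr, local_net, translated_net):
    """Map a translated address back to the real LAN host (the return path)."""
    return binat_translate(addr, translated_net, local_net)


if __name__ == "__main__":
    # Constructed sample: two clients on the same private subnet.
    sample = {"clientA": "192.168.1.0/24", "clientB": "192.168.1.0/24",
              "clientC": "10.10.0.0/16"}
    print("overlaps:", overlapping_remote_subnets(sample))
    print("clientB 192.168.1.50 seen as",
          binat_translate("192.168.1.50", "192.168.1.0/24", "192.168.206.0/24"))
```

Hosts behind the BiNat client are addressed as 192.168.206.x from the support side, and the firewall rule on the client LAN must admit that return traffic, which is the rule change the last post describes.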