• I have a client that is passing only a single subnet down an IPSEC tunnel. That is working great but I need them to access a resource in a different VLAN. I would like to simply direct them to an IP inside the subnet they have set up and NAT all traffic to the IP of the resource in the other VLAN. I tried setting up a Virtual IP and a 1:1 NAT but that doesn't appear to be working.

    Any suggestions on how to implement this would be greatly appreciated.

    Some crude visuals:

    Remote: <-> IPSEC <-> Local:

    Local IP: 1:1 NAT to thus allowing to access the server that resides at by locally accessing

  • I've got the exact same problem, only 1 subnet through the IPSEC-tunnel, and trying to use a 1:1 NAT to reach resources on a different subnet.

    Anyone know if this is possible? I think the main reason it is not working is that the source of traffic from the 'other side' is not a subnet-interface, but the IPSEC-interface. In the NAT-rule you can't select the IPSEC-interface, so the traffic is never matched against this 1:1-rule.

