Outbound NAT not translating over IPSec



  • @hoba:

    This is not doable through the GUI currently (not sure if it's doable at all).

    Does this mean that an Outbound NAT rule will not apply over IPSec VPN?

    We're attempting to translate the Source IP 10.10.70.x to a specific Source IP of 10.10.60.120 so that the remote side [of the VPN] would see traffic coming from 10.10.60.120 instead of 10.10.70.x. So far, our tests show that the NAT translation is not carrying over to the remote side. Pings still show as coming from 10.10.70.x.
    I thought that there could be an XML command that could assist, but have not found one yet.

    <nat>
      <ipsecpassthru/>
      <advancedoutbound>
        <rule>
          <source>
            <network>10.10.70.0/24</network>
          </source>
          <sourceport/>
          <descr/>
          <target>10.10.60.120</target>
          <interface>lan</interface>
          <destination>
            <address>172.16.0.0/23</address>
          </destination>
          <natport/>
        </rule>
        <enable/>
      </advancedoutbound>
    </nat>

