IPsec/NAT not working

[Guest]

[JEK]

Hi,

I'm running Endian Community 3.0 and I'm having trouble connecting to another net over IPsec.
Well, the tunnel is actually connecting but I'm not able to ping anything on the other side. I'm assuming that there's a problem with the NAT I configured. The nets that should be connected are 10.10.0.0/24 (my side) and 172.25.99.0/24.
I configured the following NAT rule:

Source NAT
Source:        Network/IP 10.10.0.0/16
Destination:  Network/IP 10.10.0.0/24
Service/Port: ANY/ANY
NAT to source address Auto

Maybe someone can point me to where I'm wrong? Help is much appreciated.

Thanks in advance.

[Dark-Vex]

Hi,
why you have setup this Source NAT rule?  for the IPSec tunnel is not necessary.
If you cannot reach the other side maybe the tunnel is not properly established, could you please try from SSH to run the following command in order to see if the IPSec tunnel is up?

ipsec statusall

Bye
Daniele

[JEK]

Hi,

I would really like to do that but I'm not sure how to connect to the system via SSH. I have credentials for the login to the web interface but these do not work for SSH.

Regards

[Dark-Vex]

You can use on Windows the software Putty for connect to the firewall, the username for access to the system is "root" and the password that you have set

[JEK]

Ok. My fault. I must have mistyped my password...

The status of the tunnel is CONNECTING. But that's just because it gets disconnected after a few hours of not using it. If someone from the other side of the tunnel is pinging something on my side the tunnel establishes and they can reach my net.
But it's not working from my side. So I was assuming it has to have something to do with my NAT.

Just to be sure it's clear what I'm trying to do. My net is 10.10.0.0/16. I'm trying to connect to the net 172.25.99.0/24 through IPSEC. I was thinking that I need to configure NAT on my side from 10.10.0.0/16 to 10.10.0.0/24 to get this working.

Regards