Welcome, Guest. Please login or register.
Did you miss your activation email?
Tuesday 19 November 2024, 03:50:52 am

Login with username, password and session length

Visit the official Endian Community Mailinglist  HERE
14258 Posts in 4377 Topics by 6515 Members
Latest Member: hulteends
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  How to Source NAT with unused IP
0 Members and 2 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: How to Source NAT with unused IP  (Read 15561 times)
venkat
Jr. Member
*
Offline Offline

Posts: 3


« on: Thursday 24 May 2018, 02:26:55 am »

Environment:
LAN IP: 192.168.0.100/24
WAN IP: 1.1.1.1/30
Version: 3.2.2

Requirement:
We want to SNAT traffic from Src IP: 192.168.0.1/32 going to Dst IP: 172.1.1.1/32 be Source Nat to 192.168.10.10/32. We already have a VPN tunnel between 2 of our sites for carrying traffic between 192.168.10.10/32 & 172.1.1.1/32. Once we get the Natting up, we can forward the traffic destined to 172.1.1.1/32 via this IPSec tunnel after Source Natting to 192.168.10.10/32.

Issue:
When we go to NAT > SNAT option, we don't find any option to manually enter IP for Source Natting, but instead there is only drop-down option to select the Firewall's pre-existing LAN IP & WAN IP.

Can someone kindly help us with doing this requirement. I'm new to Endian & not sure how to figure this out.
Logged
venkat
Jr. Member
*
Offline Offline

Posts: 3


« Reply #1 on: Thursday 24 May 2018, 03:09:53 am »

UPDATE.
We were able to edit the /var/efw/snat/config file & add the SNAT entry as per our requirement. But the problem is that the NAT is not happening. As in when we send packet from 192.168.0.1/32, it exits to WAN IP (because of default route pointing to WAN IP of 1.1.1.1) which we can see from a traceroute from that PC.
Can someone kindly help us please.
Logged
venkat
Jr. Member
*
Offline Offline

Posts: 3


« Reply #2 on: Thursday 24 May 2018, 03:44:32 am »

UPDATE
It's is probably a routing issue / question too. I have my nat rule at the top in config file. But it is probably picking up default Nat rule to egress via main WAN link out.
If routing happens before Natting then what we said above is explained. But to fix it, in Routing there is no option to select IPsec as next hop.
I think if we can get Natting to work, them possibly traffic to 172. destination would go via tunnel since typically Strongswan puts dynamic routes automatically when VPN is up for the matching configured SA pairs.
Can someone help us with this SNat + Routing to tunnel requirement of ours.
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.047 seconds with 18 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com