Virtual private networks / IPsec with non-existing local subnet
« on: January 09, 2023, 12:41:40 pm »
What is the general approach when a remote IPsec site expects our traffic to originate from a subnet which does not exist on our side?
I've established an IPsec tunnel to the remote site (10.100.0.0/16). The local subnet is configured as 10.100.8.96/28 (which is from where they expect our traffic). Tunnel is up:
con2[188]: ESTABLISHED 4 hours ago, *.*.*.*...*.*.*.*
con2{554}: INSTALLED, TUNNEL, reqid 2, ESP SPIs: *** ***
con2{554}: 10.100.8.96/28 === 10.100.0.0/16
I added an outbound NAT with translation target set to 10.100.8.97.
Is this enough or do I need to configure anything else, such as a VIP?