Issue while configuring IPSec tunnels with NAT

Started by hariftacademy@gmail.com, May 28, 2025, 11:32:15 AM

Hi all,

We are mainly using Azure. Now we are planning to connect our child project accounts to our Azure VPN via IPSec.
We are trying to configure an IPsec tunnel with NAT configured for this. The attached image shows our requirement cleanly.
We have multiple AWS accounts with default VPN network settings (172.31.0.0/16). Our network is 172.16.0.0/24.
So we need to NAT the AWS account network to some other network before connecting to our network.
So we chose the 172.19.0.0/16 network for all customers. Then customer 1 can have 172.19.0.0/24, customer 2 can have 172.19.1.0/24, etc.
The tunnel is up, including phase 1 and phase 2. Whatever we do, the communication is not happening.

Please help.

Hi,
just to be on the safe side, did you create rules to allow the traffic between the nets? Per default IIRC the firewall will block all traffic.

Yes, for testing purposes, we have enabled full access on both OPNsense servers for the IPsec tunnels.