SOLVED - IPsec tunnel with SNAT not working, traffic is sent over WAN instead

Started by comojr, October 28, 2025, 10:07:22 AM

Hey all,

I have a weird problem with an IPsec VPN tunnel which I can't wrap my head around...

The following setup works in another tunnel:

Since our internal network could not be used (address conflicts on the remote network) we use SNAT to use a single IP address as "our" network in the VPN tunnel. The remote network in the tunnel is a private class C network. Everything here is working as expected, traffic flows over IPsec and everything is reachable.

The setup that is not working is basically the same, the only difference is that the remote networks in the IPsec tunnel are a couple of single hosts (192.168.10.x/32 for example), each of them having a separate SNAT rule. The tunnel is connected fine in phase 1&2. When I try to reach one of the hosts via the tunnel, the traffic is not sent over IPsec, but over WAN instead.

I've checked everything I could think of, but I can't get the traffic to go over IPsec...

Anyone have any ideas?

It sounds like there is no IPsec policy installed that matches the destination of the traffic you are sending.
Hardware:
DEC740

Wow, thank you so much. I totally missed this while setting up the new tunnel.
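
The check suggested in the reply above, written out as an added example that is not part of the original thread: compare each flow you expect to be tunnelled against the installed phase 2 selectors and list the ones that match no policy, since those follow the normal routing table (in this thread, out the WAN) unencrypted. All addresses, names and the policy list are constructed for illustration; copy the real selectors from your firewall's IPsec policy view.

```python
import ipaddress

# Constructed sample data, not from the thread: (local selector, remote selector)
# pairs as they would appear in the installed phase 2 policies.
POLICIES = [
    ("10.200.0.1/32", "172.16.50.11/32"),
    ("10.200.0.1/32", "172.16.50.12/32"),
]

# Constructed flows (source, destination). Assumption: the source is given as it
# looks at the moment your platform performs the policy lookup (before or after
# SNAT, depending on the platform).
FLOWS = [
    ("10.200.0.1", "172.16.50.11"),    # both selectors match
    ("10.200.0.1", "172.16.50.13"),    # remote host has no /32 policy
    ("192.168.1.20", "172.16.50.11"),  # source outside the local selector
]


def parse_policies(rows):
    """Turn CIDR string pairs into (local_network, remote_network) tuples."""
    return [(ipaddress.ip_network(l), ipaddress.ip_network(r)) for l, r in rows]


def matching_policy(policies, src, dst):
    """Return the most specific policy covering src -> dst, or None."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    hits = [(l, r) for l, r in policies if src_ip in l and dst_ip in r]
    if not hits:
        return None
    return max(hits, key=lambda p: p[0].prefixlen + p[1].prefixlen)


def unprotected_flows(policies, flows):
    """Flows that match no policy and would therefore bypass the tunnel."""
    return [(s, d) for s, d in flows if matching_policy(policies, s, d) is None]


if __name__ == "__main__":
    installed = parse_policies(POLICIES)
    for src, dst in FLOWS:
        hit = matching_policy(installed, src, dst)
        status = f"IPsec {hit[0]} -> {hit[1]}" if hit else "NO POLICY (leaves via default route)"
        print(f"{src:>15} -> {dst:<15} {status}")
```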