Source NAT over IPSEC

Started by deekdeeker, October 28, 2019, 12:13:09 AM

Hello,
I need to do a source NAT over an IPsec tunnel; when I apply the rule, no traffic seems to go through. I did pull up some old posts on this not being supported only via 1-1 NAT only. Can anyone shed any more information on this? I have a Ubiquiti EdgeRouter that does this and is also using strongSwan.

Just search for binat IPsec, it's documented and works fine :)

Thanks,
In researching BINAT, it seems that this is only available in the One-to-one NAT section. I'm just wondering if this will work or not in my scenario. Currently on the EdgeRouter I have source NATs from multiple LAN IPs to the translated IPsec NAT address. So it's not exactly the same configuration; I don't care if it accomplishes the same task, but currently all the LAN machines have their own mapped NAT IP to go out the tunnel.


Sure, just set one IP with /32 as external network :)

OK, I will have to give this a try over the weekend and will report back. I also assume that I need to add the NAT network to the Manual SPD entry section in the phase 2 proposal settings?